Jan Cybulski [Sat, 31 Jan 2015 09:38:33 +0000 (10:38 +0100)]
Add API stub for setting policies
Change-Id: I56ccafe0432c44e7f5f97abd9f1aa29ff76e4c47
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Tue, 27 Jan 2015 11:06:44 +0000 (12:06 +0100)]
Terminate service if it cannot setup its sockets
Currently even if the server cannot listen on a socket it will continue
running. There is no point in that, when no client will be able to connect.
Change-Id: I74ad5a9fddee1072f7642c036a088805f53caa11
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Fri, 19 Dec 2014 21:51:44 +0000 (22:51 +0100)]
Change "operation" argument type in CynaraAdminPolicy constructor
This change is needed in for policy updates. We need to support wide spectrum
of results, starting from DENY (0) to ALLOW (0xFFFF). SM should not be limited
to few enum class literals.
Change-Id: I1e8d26893120309f6d6276da4bb5e146936a7e59
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Sebastian Grabowski [Tue, 13 Jan 2015 12:16:23 +0000 (13:16 +0100)]
Doc: correct misleading description of functions in service_impl.h
Change-Id: I3a870ca7bb9d8c52dc49a202290950ef4a4356ba
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Tue, 27 Jan 2015 10:58:01 +0000 (11:58 +0100)]
Require socket to be passed by systemd, don't create it on our own
Socket configuration, including path, ownership, DAC and Smack configuration
is handled by systemd socket file. There is no point in duplicating that
in the code as the service will always be run by systemd anyway.
Existing socket configuration was also wrong and different from what systemd
had.
Change-Id: I4131ecf4cd0d886aec57a932c6540f10da9785a3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Thu, 29 Jan 2015 14:36:09 +0000 (15:36 +0100)]
Remove cynara entries regarding removed user
Change-Id: I807f4b5ebf76b29b5a9049a9a6bbfd51056d6697
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Krzysztof Sasiak [Fri, 19 Dec 2014 14:37:33 +0000 (15:37 +0100)]
Add EmptyBucket convenience method to CynaraAdmin class.
Change-Id: Ia050336fb69d669488601a18211775b9136d8070
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
Michal Eljasiewicz [Thu, 11 Dec 2014 07:47:43 +0000 (08:47 +0100)]
Add wrapper in CynaraAdmin for Cynara listing policies.
Change-Id: I7f8a81e6479a26446b91ac745b7b5df28ab78675
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
Jan Cybulski [Fri, 23 Jan 2015 12:02:57 +0000 (13:02 +0100)]
Change security-manager-command exception schema
Stop using try-catch template from DPL.
There is no need to make a coredump everytime an unexpected exception is thrown.
Use only one try-catch block for all exceptions thrown during parsing options.
Change-Id: I4faa2ad5ff7aa66c61c8830c7e1a43d03e7d9e8e
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 23 Jan 2015 11:22:23 +0000 (12:22 +0100)]
fix: unbreak --install option caused by wrong --manage-users parameter
--manage-users option is not required.
Change-Id: I523a11ddc0e4925059b7759c009d8f9c129f3ae9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Michal Eljasiewicz [Mon, 22 Dec 2014 13:33:13 +0000 (14:33 +0100)]
Add default policy for user when creating it.
Change-Id: Ifc2896aa413ec7c003136a5886f7aad84c0c8f00
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
Sebastian Grabowski [Tue, 23 Dec 2014 14:39:17 +0000 (15:39 +0100)]
Fix assertion about not clearing DataCommands objects
The following assertion occurs during exiting security-manager
when any command was executed on security-manager db:
"Condition: m_dataCommandsCount == 0 All stored procedures must be
deleted before disconnecting SqlConnection"
It was caused by not clearing list of DataCommands before destroying db
SqlConnection.
Change-Id: If2151dfc38df23ce9af00a47ac0d7939c13adaa1
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Michal Eljasiewicz [Mon, 5 Jan 2015 14:17:20 +0000 (15:17 +0100)]
Add app permissions to MANIFESTS bucket instead of default.
Change-Id: Ic19078c83c7075717c3d6b3c10c8883944519e5f
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
Rafal Krypa [Thu, 22 Jan 2015 10:28:49 +0000 (11:28 +0100)]
Add tool for initialization of Cynara policy structure
Program security-manager-policy-reload will (re)initialize Cynara buckets
structure and static bucket contents for user types.
Run this program from %post script of security-manager-policy to initialize
Cynara policy during installation.
Change-Id: Ibe78b9d969ff91dcf96b4805fff5884ddb3157f6
Marcin Lis [Wed, 17 Dec 2014 14:31:12 +0000 (15:31 +0100)]
Packaging: Use "_datadir" rpm macro instead of hardcoded paths
Change-Id: I18c7039f0fbae06fd3f796088553d02b558c766e
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Michal Eljasiewicz [Fri, 19 Dec 2014 08:54:49 +0000 (09:54 +0100)]
Define Cynara buckets inside CynaraAdmin class
Change-Id: I4380aa94f04c728ab4467264db5d1c12e0aaff60
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
Rafal Krypa [Tue, 20 Jan 2015 18:46:33 +0000 (19:46 +0100)]
Convert static method CynaraAdmin::SetPolicies back to normal
Now that CynaraAdmin is a singleton class, it's methods should be called
from the singleton instance.
Change-Id: I9db11c516d2c92cb5994ebb9605d0d5f1789cead
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Wed, 17 Dec 2014 08:53:19 +0000 (09:53 +0100)]
Add offline mode to security_manager_user_add
There must be an offline mode for registering user
for sake of adding users during image creation time.
Change-Id: I295a207c52cfb34fc1464cd1a1214118c1eb3dd7
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Tue, 20 Jan 2015 08:14:13 +0000 (09:14 +0100)]
Register gumd hook for adding and removing user
Change-Id: If0f68053e16faa5d16c62dcfa5aa6bd606d1b9ca
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Mon, 29 Dec 2014 10:57:47 +0000 (11:57 +0100)]
Add cmd tool option for user management in security manager
Change-Id: I88170be340ea095ea9f76b74b4fc02af021bd29f
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
José Bollo [Thu, 8 Jan 2015 09:33:52 +0000 (10:33 +0100)]
Improved rules within user directories
Applying proposal of Rafal Krypa made during F2F meeting of
september 2014 in Vannes.
Change-Id: I1e40e5bff16c024c4d93d2abcf508c815a237234
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Roman, Kubiak [Wed, 26 Nov 2014 12:43:15 +0000 (04:43 -0800)]
Change smack labeling to be appId based.
* Generation of rules for all applications in a package so
that they can share resources
* Smack labels are now appId based (appId refers to app_name
in the database)
Change-Id: I464ca4b1a4558a0579b9da69b5b599d07340a60d
Lukasz Kostyra [Wed, 26 Nov 2014 09:49:33 +0000 (10:49 +0100)]
Extract BaseService from Service class
BaseService will be a base class for SM services, eg. a master service coming
up in next patches.
[Verification] Build, install, run tests.
Change-Id: Ie55d1b22c8887ee605e16b86adee75cfffdbe147
Sebastian Grabowski [Wed, 10 Dec 2014 16:18:35 +0000 (17:18 +0100)]
Fix includes in cynara.
Inlcuding <vector> is required in cynara header file. Otherwise, when
including cynara.h in other parts of code there may be a need for
additional vector include.
Change-Id: I1f251daa4f825d6072b720244d040c3bab174359
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Krzysztof Sasiak [Thu, 27 Nov 2014 10:02:44 +0000 (11:02 +0100)]
Add security-manager policy for user types
Change-Id: I1c5ea026fe3b69ec0d2ba1338ded1033ad5db6b2
Jan Cybulski [Thu, 27 Nov 2014 07:28:53 +0000 (08:28 +0100)]
Implementation of API for user management
Change-Id: Ib2cb08e1c466bc93775f8efe32dccd118ef095ad
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Wed, 10 Dec 2014 06:58:03 +0000 (07:58 +0100)]
Add API for user management
Change-Id: I429dfa82b7cb669713b357ebe50d0b599ad8ebed
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Tue, 9 Dec 2014 12:29:08 +0000 (13:29 +0100)]
PrivilegeDb: introduce convenient private method for fetching prepared query
Create an internal method for repeating code pattern fetching the prepared
query from internal data structure and resetting it before use.
Change-Id: I346e5a0790d869632181737b52d6d5ba78da79c3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Wed, 9 Jul 2014 12:59:56 +0000 (14:59 +0200)]
Fix minor errors in code.
* m_maxDesc was used without initialization.
* client-common module passed wrong value to poll if
connect returns EINPROGRESS (was POLLIN, should be POLLOUT)
Change backported from security-server repository.
Change-Id: I4df6d67ff2214bd0ad857744a2c82bff5e7be299
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Dec 2014 14:39:54 +0000 (15:39 +0100)]
Server code no longer needs to include cynara and privilege-db headers
Dependant code has been recently moved to common library.
Change-Id: I5ae4a6a3ed43e00f5cf0e301ee33107844d36664
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Dec 2014 14:30:07 +0000 (15:30 +0100)]
Move database schema into a more convenient location
Change-Id: I7444211fd43be873d62c423ccd32fac65e40773e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Wed, 3 Dec 2014 11:18:04 +0000 (12:18 +0100)]
Fix: disallow installing apps with the same id in different packages
Change-Id: I04fca4edcd265e2853a9ce146e6dcc95d1f92dc9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Marcin Lis [Thu, 27 Nov 2014 13:06:08 +0000 (14:06 +0100)]
Prepare database queries during PrivilegeDb singleton init
Avoid too many sqlite3_prepare_v2 calls, which take many cpu cycles to complete.
SQLite statements may be prepared once when DB object is created.
Change-Id: I99e4fd3fea63fd61396c9f7b2c3b13539f312d48
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Sebastian Grabowski [Mon, 1 Dec 2014 15:26:56 +0000 (16:26 +0100)]
Added security_manager_strerror function.
This function translates lib_retcode(s) to a string describing given
error that occured in security-manager.
Change-Id: Ied57ff8c27a972123b28714ebc25efe143c6d64c
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 13:22:02 +0000 (14:22 +0100)]
Added security-manager-cmd application.
The purpose of this application is to have an offline tool that will do
some commands in offline mode i.e.: when security-manager service cannot
be run.
For now, only install command is supported which should be the
equivalent of security_manager_app_install function.
Change-Id: Ia9ef60b1a335650fea90c02e5fdd76ac48030f84
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Jan Cybulski [Mon, 24 Nov 2014 14:44:18 +0000 (15:44 +0100)]
Database access function obtaining apps of a certain user
This will be used during user removal in security-manager.
Change-Id: I524c9bf2da936054b7c1b597d7e4eaf879872912
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Wed, 5 Nov 2014 11:27:23 +0000 (12:27 +0100)]
Added support for offline applications installations mode
Added support for offline mode in AppInstall function.
Moreover, security_manager_app_install will now check if it can get
a file lock on /run/lock/security-manager.lock. If it can it will do
installation request in offline mode. Otherwise, it will send
installation request to security-manager service.
Change-Id: Ie8b8f98b1fa0d3021ae76ee7aa4e7416e3ed73b9
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Thu, 27 Nov 2014 15:15:23 +0000 (16:15 +0100)]
Typo fixes in installRequestAuthCheck
Changed 'paramter' to 'parameter' in installRequestAuthCheck function.
Change-Id: Iba5e3f6c3388c9faea8a326b7bf8e1b4ba48b0fa
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Fri, 21 Nov 2014 10:55:07 +0000 (11:55 +0100)]
Split service implementation logic away from the Service class
The code implementing logic of Service methods is now available as separate
functions. They will be available to both Service class and to the upcoming
offline client implementation.
Change-Id: Ib86af8c0f28dd7a1333e67ad0f2a4c968ff181cf
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 20 Nov 2014 23:45:05 +0000 (00:45 +0100)]
Convert Cynara, CynaraAdmin and PrivilegeDb classes into singletons
These classes are now used by the Service class to perform operations
requested by clients. But they will be also needed by offline client
implementation. Having them as private members of the Service class is no
longer feasible.
To keep their usage simple and available to the client as well, they are
now used as singletons.
Change-Id: I900a368ea14fbe61179c712b6e891f213ca61c5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Sebastian Grabowski [Wed, 5 Nov 2014 11:34:18 +0000 (12:34 +0100)]
Use file lock in security-manager
This change makes that security-manager checks this file lock:
/run/lock/security-manager.lock.
Change-Id: If7032089fb70eda80b0d89b649678a5af7061bf4
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 11:16:24 +0000 (12:16 +0100)]
Added FileLocker class
Initial version of file locking class for use in upcoming offline mode.
Change-Id: I4acd73ba56d09393bd138da94559b2be18e2cc3b
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 10:55:33 +0000 (11:55 +0100)]
Added security_manager_app_inst_req_set_uid function
Added uid field to app_inst_req structure.
Change-Id: Ida0204549bb4818bcd401b5d62c7e13f7dbc04b2
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Tue, 18 Nov 2014 16:58:08 +0000 (17:58 +0100)]
Release version 0.2.0
Also fill the changelog for two previous releases.
Change-Id: I590dfd6bc302b26a0aaf2afa8b6fd1addae8194d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Tue, 18 Nov 2014 08:29:13 +0000 (09:29 +0100)]
Fix checking for privileges during obtaining group
Privileges of apps installed for all users also needs to be taken into account.
Change-Id: I1d31a27dc0b718f46b26d654c518d8071bbe4cfb
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Tue, 18 Nov 2014 08:16:51 +0000 (09:16 +0100)]
Sanitize handling of global application user.
Remove inconsistency with treating both root and tizenglobalapp as global
users. For both cases uid of user TZ_SYS_GLOBALAPP_USER will be saved
in the data base to distinguish globally installed applications.
The whole code for handling global user was refactored by the way.
Change-Id: I5764e1f9675ebf3bb9091ede4fef724d053fed8d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 09:47:05 +0000 (10:47 +0100)]
Move some modules to common library
There are modules for handling smack, cynara, privilege db that were
grouped in server code. However, there are upcoming changes (for offline
mode) that will require these modules to be used also i.e. by client
code. Thus it would be better to have these modules in common library.
Change-Id: Ifddd037a159dc142077290c09b7e05da98ce46e5
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Janusz Kozerski [Mon, 27 Oct 2014 14:19:56 +0000 (15:19 +0100)]
Don't remove "User" Smack rules on application uninstall
Temporary fix.
After app uninstall and remove app rules, all rules from
files in accesses.d directory are re-loaded.
Change-Id: I7786a356108d17ed948abbc615f22286b251c0b3
Signed-off-by: Janusz Kozerski <j.kozerski@gmail.com>
Krzysztof Sasiak [Mon, 13 Oct 2014 14:55:00 +0000 (16:55 +0200)]
Use group names instead of group ids (gid)
Database will now contain group names instead of group ids.
Change-Id: I67dc5cf9e853b9b1ca56eeea1c006ce194f1530d
José Bollo [Wed, 3 Sep 2014 11:26:58 +0000 (13:26 +0200)]
Removal of xattr "security.TIZEN_EXEC_LABEL"
This attribute is a duplication of the SMACKEXEC
mechanism for the links. This duplication is
complicating the security mechanisms that have
to remain simple to be applied and supported
efficiently. The SMACKEXEC mechanism is the only
required mechanism. For the other uses, the function
security_manager_set_process_label_from_appid is
enough.
Change-Id: Ic831547a318942af5603a3609b87f52577109479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Rafal Krypa [Tue, 23 Sep 2014 18:08:36 +0000 (20:08 +0200)]
Introduce convenience function for setting application security.
There are already three security-manager functions that a launcher should
call before launching the application. In the common case they will just
be called in sequence.
Provide an API function that handles all aspects for application process
preparation: set the Smack label, set additional groups and drop
capabilities.
Change-Id: I5c8346c5f834f8a4fb106169866de42578265da8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 19 Sep 2014 17:36:14 +0000 (19:36 +0200)]
When setting process Smack label, fix labels of socket file descriptors
File descriptors for sockets get Smack labels when sockets are created.
But if Smack labels is changed for a process with open socket descriptors,
those descriptors keep the old Smack label. This should not happen during
application launch, because launched application could be identified as
a non-app user process.
To avoid this, all open file descriptors which happen to be sockets will
be relabeled inside security_manager_set_process_label_* functions.
Change-Id: I209a7a15edef7a2c20a9a4a00806a5d3876fb9e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 23 Sep 2014 18:08:16 +0000 (20:08 +0200)]
Provide a function for launchers for dropping process capabilities
The functions for launchers, manipulating process Smack label and groups,
require elevated privileges. Since they will be called by launcher after
fork, in the process for the application, privileges should be dropped
before running an actual application.
This patch introduces a convenience function for launchers for dropping
capabilities from a process: security_manager_drop_process_privileges.
Change-Id: Iff06554bdcf2d51d0163e4dcb83ea9b976896740
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
José Bollo [Tue, 2 Sep 2014 13:11:55 +0000 (15:11 +0200)]
Improvement of tagging directories.
The directories are visited two times: in pre-order
and post-order. Here to avoid tagging at both times
we choose to simply tag in post-order (that is for
simplicity of the code.
Change-Id: I866481471d433036ca371035c74e583b3a9dcfda
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Lukasz Wojciechowski [Thu, 16 Oct 2014 08:04:15 +0000 (10:04 +0200)]
Adjust libcynara-admin error codes
Cynara integrates error codes in all libraries.
Release 0.4.0 uses new unified error codes.
Old error codes are removed.
This patch changes old error codes into new ones.
Please do not merge this patch until 0.4.0 is released
or patch "35771f4 Use client error codes in admin libraries"
in cynara repository is merged.
Change-Id: I354bd4a4c3a9adea9308efb8ed6f9025d26f92f1
José Bollo [Tue, 16 Sep 2014 14:44:19 +0000 (16:44 +0200)]
Resolving global application user
The global applications are set using the system
user 'tizenglobalapp'. In fact this name is set in
the tizen configuration variable TZ_SYS_GLOBALAPPUSER
and its uid should be retrieved using tzplatform_getuid.
Change-Id: I01635d1f65add0159b8d73fef60b76d03798fe52
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
José Bollo [Tue, 2 Sep 2014 14:44:49 +0000 (16:44 +0200)]
Fix a build error in 64 bits
In 64bits archs, size_t is 64bits while int is 32 bits.
In fact, the type used for length on the sierialiser is int.
Change-Id: I6aa2ee89cd909dcebbf8c5436d586569f5f3875d
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Rafal Krypa [Mon, 15 Sep 2014 11:30:59 +0000 (13:30 +0200)]
Remove obsolete code from security-manager-util
Legacy code inherited from security-server.
Change-Id: I432b46cca9f60879fe9ff9bed811705c8191001b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 16:34:04 +0000 (18:34 +0200)]
Add missing include and link dependencies in cmakes
Change-Id: Ie9095e602134af962ecc231070fbc6f2a86e1ea0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Sep 2014 14:04:18 +0000 (16:04 +0200)]
Completely remove dlog remainings
Security-manager uses systemd for logging for some time already, this
code is no longer needed.
Change-Id: I9f099c00422ffeed23f65d8350bf7d8957cc00af
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 10:25:56 +0000 (12:25 +0200)]
Implement client API for launcher adding process to supplementary groups
In Tizen some sensitive resources are being accessed by applications
directly. The resources, being file system objects, are owned by
dedicated GIDs and only processes in those UNIX groups can access them.
This function should be used by application launcher for adding
application process to all permitted groups that are assigned to such
privileges.
Change-Id: I608d84e77869378b28c4130443323143b71380c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 29 Aug 2014 18:27:24 +0000 (20:27 +0200)]
Implement fetching group ids assigned to a privilege from data base
Change-Id: I439a710cc203c201426c48866c4ab1d88798dcc7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 2 Sep 2014 09:45:51 +0000 (11:45 +0200)]
Implement checking policies with Cynara
Support calling libcynara-client to check for applications permissions.
Change-Id: Icb44dc9a24f0ef519863075203b3be8eb0b07c2c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 2 Sep 2014 09:29:00 +0000 (11:29 +0200)]
Fix Cynara policy setting, use Smack label as app identifier
In Tizen Cynara policies should use application Smack label as application
identifier. Services using Cynara will be based on that assumption.
Previously security-manager incorrectly used pkgId as app identifier.
Change-Id: I31f59e3c6a037cc3730936963b10a1e7bcb008e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 29 Aug 2014 16:34:49 +0000 (18:34 +0200)]
Refactoring: there will be only one service
Security-manager started with installer service implementation. It was
created in a way supporting future creation of other services, working
in separate threads and listening on separate sockets. Such design is
however not planned for this project. The installer service recently
began to implement methods not related to installation, which begged for
some refactoring.
Hereby the installer service is renamed as just "service". There will be
a single socket and single service for all security-manager functions.
Change-Id: I40e939ded1b0e20c4e92c86738fb62ea4acd4a50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 27 Aug 2014 16:11:53 +0000 (18:11 +0200)]
Fix checking whether application path is inside user's home directory.
Internal function installRequestAuthCheck() making this check contained
few bugs. It didn't canonicalize the home directory. It simply checked
for substring instead of subdirectory ("/home/useruser" shouldn't be
considered as subdirectory of "/home/user"). It relied on PATH_MAX for
realpath() calls, which is broken by design according to function manual.
All of the above issues are now corrected.
Change-Id: I446c50e642b38ecbd1b4997ec5e6f7c9b5032291
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Thu, 7 Aug 2014 13:32:45 +0000 (15:32 +0200)]
Drop libprivilege-control
Change-Id: Ifff71e53ad15d644d50b978bcb979bb492c09f92
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Thu, 24 Jul 2014 10:14:26 +0000 (12:14 +0200)]
Changed CYNARA_ADMIN_WILDCARD to proper uid string.
Change-Id: Ic4e9b4d26c3c41a983a4db61bbd557c84ff7c542
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Sun, 13 Jul 2014 22:21:26 +0000 (00:21 +0200)]
Set Cynara policies during application installation and uninstallation
Applied policies will have a wildcard in "user" field. Security-manager
will handle app installation per user soon, so this will also be changed.
Change-Id: I41606fb94b7385426debbcf47a57ba1593dbfc5a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Fri, 1 Aug 2014 12:13:41 +0000 (14:13 +0200)]
Provide move constructor instead of copy constructor for CynaraAdminPolicy
The class stores pointers and owns the memory they point to. Memory is
allocated in constructor and freed in destructor. But copying these
pointers between objects causes double free in destructor. The poiners
should not be copied, only moved.
Now CynaraAdminPolicy will provide custom move constructor. It will be
used by default, since default copy constructor is now deleted.
Change-Id: If6c49184318c54574caff8af74b336dd1c8ddd2f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 1 Aug 2014 12:17:38 +0000 (14:17 +0200)]
Change pthread flag settings in CMake to a more generic construct
Modify the previous commit using proper CMake module for thread library
support.
Change-Id: I1eaf2f8bc3b6ac542e5c81deeba14f68e47af381
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Stephane Desneux [Fri, 25 Jul 2014 11:21:10 +0000 (13:21 +0200)]
Add missing gcc option -pthread to build correctly
Bug-Tizen: TC-1446
Change-Id: I5d2c560a01f867722c3918daa912048f098e3ab6
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
Jan Cybulski [Fri, 18 Jul 2014 13:35:29 +0000 (15:35 +0200)]
Move return codes sent by server to protocols.h
Those codes are not part of security-manager's API
but are used only in communication between client and
server part. Return codes of libsecurity-manager's
functions are defined in enum lib_retcode, so there
is no need in placing additional macros in header file
security-manager.h
Also: fix problems with documentation in those macros
Change-Id: Iaa2f489f2b0a3e9dc3d2aaf74f522451e1b65057
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 12:42:25 +0000 (14:42 +0200)]
Change security_manager_app_install return code
So far, security_manager_app_install returned only
SECURITY_MANAGER_SUCCESS or SECURITY_MANAGER_ERROR_UNKNOWN,
which is not enough now.
Now, there is possibility, that security manager would reject
installation of some applciations on the basis of uid and users
home directory.
This function will return information about that now as return code.
Change-Id: I53b23b8318a756a8fbf4b804e49046cfa5acd4e0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 08:56:11 +0000 (10:56 +0200)]
Register only directories inside user's HOME
Change-Id: I546ba542dea481db2efebb24bbe03e5cd87d7220
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 15:35:41 +0000 (17:35 +0200)]
Add possibility of installing apps for different users
Uid of installing user will be obtained from peer's socket
and will be stored in database.
Change-Id: I0a0edf726b54fc7b28e5f2063186a97eb29479a9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Marcin Lis [Wed, 16 Jul 2014 14:54:59 +0000 (16:54 +0200)]
Cynara: Change the type of exception in CynaraAdminPolicy constructors
It is better to keep exception types unified. That would minimize the number of
"catch" statements.
Change-Id: Id9e5bafef70c7ffb126a60c595505b644d596729
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Rafal Krypa [Fri, 11 Jul 2014 15:50:43 +0000 (17:50 +0200)]
Cynara: implement method for setting policies
Change-Id: I65a1c54c6307a60fba383b9e376c8541908ded59
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Tue, 15 Jul 2014 16:48:14 +0000 (18:48 +0200)]
Logging: Remove the log tag from logs messages
The log tag "SECURITY_MANAGER" and its client's version that were used in dlog
messages are not needed in systemd journal logs, this is redundant information.
It is easy to maintain the source of logs using journalctl.
Change-Id: Ia987cb3e401f46fe15eea210a0c2a9406caa7882
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Mon, 14 Jul 2014 15:58:58 +0000 (17:58 +0200)]
Logging: Refine security manager log printouts
Some of log traces were redundant, some of them carried unhelpul data. This
commit reorganizes calls to log macros to make them more helpful.
Change-Id: I6b814610e32f4c568ce6c8acfae33da0d1878dd0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Jacek Bukarewicz [Fri, 11 Jul 2014 13:40:00 +0000 (15:40 +0200)]
Implement setting process label for the given application
This change introduces functions for setting smack label for
application process. They are intended to be used by the app launcher
on application start.
2 variants have been implemented:
1) security_manager_set_process_label_from_binary
Function extracts smack label from the given application binary and sets
it for the current process
2) security_manager_set_process_label_from_appid
Function computes smack label for given application id and sets it for
current process
Change-Id: I4dfbaf133ec43e292f4ba54023b96a57df439562
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Jacek Bukarewicz [Fri, 11 Jul 2014 13:36:40 +0000 (15:36 +0200)]
Introduce IPC call for getting pkgid from appid
Change-Id: I9e2c05d15c3c4bad60f5bc3b5631226e9980dc24
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Rafal Krypa [Thu, 3 Jul 2014 18:34:41 +0000 (20:34 +0200)]
Initial code for adding rules to Cynara
Adding new class for interface to cynara-admin. No operations implemented
yet, only initialize and destroy.
Change-Id: I1337ae9586c9767fa51c5ffc30671d6b7a758e4c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafał Krypa [Fri, 11 Jul 2014 19:28:21 +0000 (21:28 +0200)]
Refactoring: put code operating on Smack labels in a separate file
Create smack-labels.cpp, containing code for label assignment and file
labeling. Avoid clutter in installer.cpp.
Change-Id: I97f5251e1bfcd53e242cd0117d48539a378fefde
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 3 Jul 2014 17:10:48 +0000 (19:10 +0200)]
Remove code from smack-common.cpp
This code was a legacy from security-server. Contained functions
get_smack_label_from_process() and smack_pid_have_access() won't be used
by security-manager.
Change-Id: I9ddddf4d4d0e4347c7b0b86de96bdcfc0d715b91
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Tue, 8 Jul 2014 14:17:45 +0000 (16:17 +0200)]
Logging: Change the default log provider to systemd journal.
This change replaces the default logging mechanism in the whole security
manager. The dlog provider is not used anymore and it is also excluded from
being build along with the project. Its sources should stay untouched by now.
To verify, first please install this together with the latest security-tests
package. When installed, run tests:
# security-manager-tests --output=text
And after that please check for the presence of traces in journal:
# journalctl --unit=security-manager.service
Please also check for the presence of security-manager-client traces:
# journalctl /usr/bin/security-manager-tests
Change-Id: I4af35d29a6a61d3a5a0bc4c3508bb872206a2f23
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Tue, 8 Jul 2014 10:48:22 +0000 (12:48 +0200)]
Logging: Add systemd journal log provider
The logging style inherited from the security-server needs to be adjusted to
Tizen 3.0 logging fashion. The dlog utility is no longer available, the systemd
journal is in use now.
Change-Id: I16c3f7348b60194c31a8bdcc0897f5ee9ec5aea0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Wed, 9 Jul 2014 15:42:23 +0000 (17:42 +0200)]
Logging: Remove macros and methods for Secure* logs.
Secure logs, inherited from security-server are no longer needed.
Replace calls to Secure* logs with their non-secure equivalents.
This is an initial commit in logging adaptation series. It should be
verified by successful build.
Change-Id: I908851f8927c46474489a6bf5053f480d65ac22d
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 13:55:52 +0000 (15:55 +0200)]
Use PrivilegeDb in installer code
Recently added and tuned PrivilegeDb is finally ready to provide information
for application installation and uninstallation.
Change-Id: Ia6560b4ce7488670f999a57c415c9a402e6b3f2e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 13:00:17 +0000 (15:00 +0200)]
PrivilegeDb: don't require pkgId argument for application removal
Drop second argument (pkgId) from RemoveApplication() method.
Add new public method GetAppPkgId() for getting application's pkgId and
use it inside RemoveApplication().
This is needed because uninstallation request will contain only appId.
Change-Id: Ic7f618a9c223a501e61a167fb7870e22e1926e20
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 09:54:29 +0000 (11:54 +0200)]
PrivilegeDb: drop TPrivilegesList typedef
The typedef cluttered the code without adding any significant value.
Change-Id: I7dacf9c7b46e68087a248acd907e208e6aa76c52
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 09:39:20 +0000 (11:39 +0200)]
Rework PrivilegeDb interface for setting application privileges
While integrating installer code with PrivilegeDb, the existing method for
setting privileges was found to be inadequate. It also would need further
complication to actually do what it was supposed to do.
New UpdateAppPrivileges() method now only updates privileges for application.
To calculate which privileges were added and which removed for the package,
installer will use GetPkgPrivileges() twice: before and after calling
UpdateAppPrivileges(). All three method calls must be done inside transaction.
Change-Id: Ib7e1b8a6b1482c6dcd8b7146c48187797e237bd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 14:52:15 +0000 (16:52 +0200)]
Unify internal naming convention: permission => privilege
Part 2: rename SQL file.
Change-Id: I76bb618197cb3c744550156fc5a6d58e9266c4ed
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 14:51:23 +0000 (16:51 +0200)]
Unify internal naming convention: permission => privilege
Words "permission" and "privilege" were used interchangeably throughout the
code. It was decided that security-manager will manage "application
privileges", as they are called in several Tizen documents.
Places calling them "permissions" were edited for unification.
Change-Id: I7db701ceb55237457258d63b2b7347aae50852ce
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 11:34:43 +0000 (13:34 +0200)]
In PrivilegeDb use function instead of macro for common exception handling
Reuse concept appearing in client-common.h to write repeated exception
handling code only once. It is based on C++11 lamba function feature, which
is superior to legacy macro in terms of type safety and debuggability.
Change-Id: If8f11246b97e7f10aa173d35018f5384527b16ee
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 11:24:04 +0000 (13:24 +0200)]
Change return type from bool to void for some methods of PrivilegeDb
Methods GetPkgPermissions, AddApplication, RemoveApplication and
UpdatePermissions had return type set to void. But they didn't return
anything useful. The actual return value was always true or exception
throw.
Changing the types to void will also make usage of these methods simpler.
Change-Id: Id588c314c6aa1af0ea3c17ed02d0f6bf20411193
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 27 Jun 2014 16:53:46 +0000 (18:53 +0200)]
Adjust code formatting in privilege_db.cpp
Align formatting of function definitions with the rest of the code.
Change-Id: I10fe2b0f69f3bed1bc459af0c56e57a557c20f32
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 12:52:07 +0000 (14:52 +0200)]
spec: add missing calls do ldconfig on %post and %postun
The main package also contains a library, so it should call ldconfig.
Problem reported by rpmlint.
Change-Id: Id9fdd874f725e1793f155d2766b8a25fee2df4db
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 10:38:44 +0000 (12:38 +0200)]
Fix buld break on x86_64, regression in
3e62e851
Unify systemd installation directories between spec and CMake, avoiding
problems on x86_64 (/usr/lib64 vs. /usr/lib).
Change-Id: I5db9cf50978f20d318f7d11349d5437b184b394f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 26 Jun 2014 17:37:47 +0000 (19:37 +0200)]
Generate database during build, include it in the package
Initialized, empty sqlite database will be included into security-manager
package to enable integration with the code.
Change-Id: I3e5389d15a9e3a370941ef70f425da765bfc2690
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
projects / platform / core / security / security-manager.git / log