Sebastian Grabowski [Wed, 10 Dec 2014 16:18:35 +0000 (17:18 +0100)]
Fix includes in cynara.
Inlcuding <vector> is required in cynara header file. Otherwise, when
including cynara.h in other parts of code there may be a need for
additional vector include.
Change-Id: I1f251daa4f825d6072b720244d040c3bab174359
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Krzysztof Sasiak [Thu, 27 Nov 2014 10:02:44 +0000 (11:02 +0100)]
Add security-manager policy for user types
Change-Id: I1c5ea026fe3b69ec0d2ba1338ded1033ad5db6b2
Jan Cybulski [Thu, 27 Nov 2014 07:28:53 +0000 (08:28 +0100)]
Implementation of API for user management
Change-Id: Ib2cb08e1c466bc93775f8efe32dccd118ef095ad
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Wed, 10 Dec 2014 06:58:03 +0000 (07:58 +0100)]
Add API for user management
Change-Id: I429dfa82b7cb669713b357ebe50d0b599ad8ebed
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Tue, 9 Dec 2014 12:29:08 +0000 (13:29 +0100)]
PrivilegeDb: introduce convenient private method for fetching prepared query
Create an internal method for repeating code pattern fetching the prepared
query from internal data structure and resetting it before use.
Change-Id: I346e5a0790d869632181737b52d6d5ba78da79c3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Wed, 9 Jul 2014 12:59:56 +0000 (14:59 +0200)]
Fix minor errors in code.
* m_maxDesc was used without initialization.
* client-common module passed wrong value to poll if
connect returns EINPROGRESS (was POLLIN, should be POLLOUT)
Change backported from security-server repository.
Change-Id: I4df6d67ff2214bd0ad857744a2c82bff5e7be299
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Dec 2014 14:39:54 +0000 (15:39 +0100)]
Server code no longer needs to include cynara and privilege-db headers
Dependant code has been recently moved to common library.
Change-Id: I5ae4a6a3ed43e00f5cf0e301ee33107844d36664
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Dec 2014 14:30:07 +0000 (15:30 +0100)]
Move database schema into a more convenient location
Change-Id: I7444211fd43be873d62c423ccd32fac65e40773e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Wed, 3 Dec 2014 11:18:04 +0000 (12:18 +0100)]
Fix: disallow installing apps with the same id in different packages
Change-Id: I04fca4edcd265e2853a9ce146e6dcc95d1f92dc9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Marcin Lis [Thu, 27 Nov 2014 13:06:08 +0000 (14:06 +0100)]
Prepare database queries during PrivilegeDb singleton init
Avoid too many sqlite3_prepare_v2 calls, which take many cpu cycles to complete.
SQLite statements may be prepared once when DB object is created.
Change-Id: I99e4fd3fea63fd61396c9f7b2c3b13539f312d48
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Sebastian Grabowski [Mon, 1 Dec 2014 15:26:56 +0000 (16:26 +0100)]
Added security_manager_strerror function.
This function translates lib_retcode(s) to a string describing given
error that occured in security-manager.
Change-Id: Ied57ff8c27a972123b28714ebc25efe143c6d64c
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 13:22:02 +0000 (14:22 +0100)]
Added security-manager-cmd application.
The purpose of this application is to have an offline tool that will do
some commands in offline mode i.e.: when security-manager service cannot
be run.
For now, only install command is supported which should be the
equivalent of security_manager_app_install function.
Change-Id: Ia9ef60b1a335650fea90c02e5fdd76ac48030f84
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Jan Cybulski [Mon, 24 Nov 2014 14:44:18 +0000 (15:44 +0100)]
Database access function obtaining apps of a certain user
This will be used during user removal in security-manager.
Change-Id: I524c9bf2da936054b7c1b597d7e4eaf879872912
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Wed, 5 Nov 2014 11:27:23 +0000 (12:27 +0100)]
Added support for offline applications installations mode
Added support for offline mode in AppInstall function.
Moreover, security_manager_app_install will now check if it can get
a file lock on /run/lock/security-manager.lock. If it can it will do
installation request in offline mode. Otherwise, it will send
installation request to security-manager service.
Change-Id: Ie8b8f98b1fa0d3021ae76ee7aa4e7416e3ed73b9
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Thu, 27 Nov 2014 15:15:23 +0000 (16:15 +0100)]
Typo fixes in installRequestAuthCheck
Changed 'paramter' to 'parameter' in installRequestAuthCheck function.
Change-Id: Iba5e3f6c3388c9faea8a326b7bf8e1b4ba48b0fa
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Fri, 21 Nov 2014 10:55:07 +0000 (11:55 +0100)]
Split service implementation logic away from the Service class
The code implementing logic of Service methods is now available as separate
functions. They will be available to both Service class and to the upcoming
offline client implementation.
Change-Id: Ib86af8c0f28dd7a1333e67ad0f2a4c968ff181cf
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 20 Nov 2014 23:45:05 +0000 (00:45 +0100)]
Convert Cynara, CynaraAdmin and PrivilegeDb classes into singletons
These classes are now used by the Service class to perform operations
requested by clients. But they will be also needed by offline client
implementation. Having them as private members of the Service class is no
longer feasible.
To keep their usage simple and available to the client as well, they are
now used as singletons.
Change-Id: I900a368ea14fbe61179c712b6e891f213ca61c5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Sebastian Grabowski [Wed, 5 Nov 2014 11:34:18 +0000 (12:34 +0100)]
Use file lock in security-manager
This change makes that security-manager checks this file lock:
/run/lock/security-manager.lock.
Change-Id: If7032089fb70eda80b0d89b649678a5af7061bf4
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 11:16:24 +0000 (12:16 +0100)]
Added FileLocker class
Initial version of file locking class for use in upcoming offline mode.
Change-Id: I4acd73ba56d09393bd138da94559b2be18e2cc3b
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 10:55:33 +0000 (11:55 +0100)]
Added security_manager_app_inst_req_set_uid function
Added uid field to app_inst_req structure.
Change-Id: Ida0204549bb4818bcd401b5d62c7e13f7dbc04b2
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Tue, 18 Nov 2014 16:58:08 +0000 (17:58 +0100)]
Release version 0.2.0
Also fill the changelog for two previous releases.
Change-Id: I590dfd6bc302b26a0aaf2afa8b6fd1addae8194d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Tue, 18 Nov 2014 08:29:13 +0000 (09:29 +0100)]
Fix checking for privileges during obtaining group
Privileges of apps installed for all users also needs to be taken into account.
Change-Id: I1d31a27dc0b718f46b26d654c518d8071bbe4cfb
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Tue, 18 Nov 2014 08:16:51 +0000 (09:16 +0100)]
Sanitize handling of global application user.
Remove inconsistency with treating both root and tizenglobalapp as global
users. For both cases uid of user TZ_SYS_GLOBALAPP_USER will be saved
in the data base to distinguish globally installed applications.
The whole code for handling global user was refactored by the way.
Change-Id: I5764e1f9675ebf3bb9091ede4fef724d053fed8d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Mon, 27 Oct 2014 09:47:05 +0000 (10:47 +0100)]
Move some modules to common library
There are modules for handling smack, cynara, privilege db that were
grouped in server code. However, there are upcoming changes (for offline
mode) that will require these modules to be used also i.e. by client
code. Thus it would be better to have these modules in common library.
Change-Id: Ifddd037a159dc142077290c09b7e05da98ce46e5
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Janusz Kozerski [Mon, 27 Oct 2014 14:19:56 +0000 (15:19 +0100)]
Don't remove "User" Smack rules on application uninstall
Temporary fix.
After app uninstall and remove app rules, all rules from
files in accesses.d directory are re-loaded.
Change-Id: I7786a356108d17ed948abbc615f22286b251c0b3
Signed-off-by: Janusz Kozerski <j.kozerski@gmail.com>
Krzysztof Sasiak [Mon, 13 Oct 2014 14:55:00 +0000 (16:55 +0200)]
Use group names instead of group ids (gid)
Database will now contain group names instead of group ids.
Change-Id: I67dc5cf9e853b9b1ca56eeea1c006ce194f1530d
José Bollo [Wed, 3 Sep 2014 11:26:58 +0000 (13:26 +0200)]
Removal of xattr "security.TIZEN_EXEC_LABEL"
This attribute is a duplication of the SMACKEXEC
mechanism for the links. This duplication is
complicating the security mechanisms that have
to remain simple to be applied and supported
efficiently. The SMACKEXEC mechanism is the only
required mechanism. For the other uses, the function
security_manager_set_process_label_from_appid is
enough.
Change-Id: Ic831547a318942af5603a3609b87f52577109479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Rafal Krypa [Tue, 23 Sep 2014 18:08:36 +0000 (20:08 +0200)]
Introduce convenience function for setting application security.
There are already three security-manager functions that a launcher should
call before launching the application. In the common case they will just
be called in sequence.
Provide an API function that handles all aspects for application process
preparation: set the Smack label, set additional groups and drop
capabilities.
Change-Id: I5c8346c5f834f8a4fb106169866de42578265da8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 19 Sep 2014 17:36:14 +0000 (19:36 +0200)]
When setting process Smack label, fix labels of socket file descriptors
File descriptors for sockets get Smack labels when sockets are created.
But if Smack labels is changed for a process with open socket descriptors,
those descriptors keep the old Smack label. This should not happen during
application launch, because launched application could be identified as
a non-app user process.
To avoid this, all open file descriptors which happen to be sockets will
be relabeled inside security_manager_set_process_label_* functions.
Change-Id: I209a7a15edef7a2c20a9a4a00806a5d3876fb9e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 23 Sep 2014 18:08:16 +0000 (20:08 +0200)]
Provide a function for launchers for dropping process capabilities
The functions for launchers, manipulating process Smack label and groups,
require elevated privileges. Since they will be called by launcher after
fork, in the process for the application, privileges should be dropped
before running an actual application.
This patch introduces a convenience function for launchers for dropping
capabilities from a process: security_manager_drop_process_privileges.
Change-Id: Iff06554bdcf2d51d0163e4dcb83ea9b976896740
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
José Bollo [Tue, 2 Sep 2014 13:11:55 +0000 (15:11 +0200)]
Improvement of tagging directories.
The directories are visited two times: in pre-order
and post-order. Here to avoid tagging at both times
we choose to simply tag in post-order (that is for
simplicity of the code.
Change-Id: I866481471d433036ca371035c74e583b3a9dcfda
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Lukasz Wojciechowski [Thu, 16 Oct 2014 08:04:15 +0000 (10:04 +0200)]
Adjust libcynara-admin error codes
Cynara integrates error codes in all libraries.
Release 0.4.0 uses new unified error codes.
Old error codes are removed.
This patch changes old error codes into new ones.
Please do not merge this patch until 0.4.0 is released
or patch "35771f4 Use client error codes in admin libraries"
in cynara repository is merged.
Change-Id: I354bd4a4c3a9adea9308efb8ed6f9025d26f92f1
José Bollo [Tue, 16 Sep 2014 14:44:19 +0000 (16:44 +0200)]
Resolving global application user
The global applications are set using the system
user 'tizenglobalapp'. In fact this name is set in
the tizen configuration variable TZ_SYS_GLOBALAPPUSER
and its uid should be retrieved using tzplatform_getuid.
Change-Id: I01635d1f65add0159b8d73fef60b76d03798fe52
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
José Bollo [Tue, 2 Sep 2014 14:44:49 +0000 (16:44 +0200)]
Fix a build error in 64 bits
In 64bits archs, size_t is 64bits while int is 32 bits.
In fact, the type used for length on the sierialiser is int.
Change-Id: I6aa2ee89cd909dcebbf8c5436d586569f5f3875d
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Rafal Krypa [Mon, 15 Sep 2014 11:30:59 +0000 (13:30 +0200)]
Remove obsolete code from security-manager-util
Legacy code inherited from security-server.
Change-Id: I432b46cca9f60879fe9ff9bed811705c8191001b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 16:34:04 +0000 (18:34 +0200)]
Add missing include and link dependencies in cmakes
Change-Id: Ie9095e602134af962ecc231070fbc6f2a86e1ea0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 8 Sep 2014 14:04:18 +0000 (16:04 +0200)]
Completely remove dlog remainings
Security-manager uses systemd for logging for some time already, this
code is no longer needed.
Change-Id: I9f099c00422ffeed23f65d8350bf7d8957cc00af
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 10:25:56 +0000 (12:25 +0200)]
Implement client API for launcher adding process to supplementary groups
In Tizen some sensitive resources are being accessed by applications
directly. The resources, being file system objects, are owned by
dedicated GIDs and only processes in those UNIX groups can access them.
This function should be used by application launcher for adding
application process to all permitted groups that are assigned to such
privileges.
Change-Id: I608d84e77869378b28c4130443323143b71380c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 29 Aug 2014 18:27:24 +0000 (20:27 +0200)]
Implement fetching group ids assigned to a privilege from data base
Change-Id: I439a710cc203c201426c48866c4ab1d88798dcc7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 2 Sep 2014 09:45:51 +0000 (11:45 +0200)]
Implement checking policies with Cynara
Support calling libcynara-client to check for applications permissions.
Change-Id: Icb44dc9a24f0ef519863075203b3be8eb0b07c2c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 2 Sep 2014 09:29:00 +0000 (11:29 +0200)]
Fix Cynara policy setting, use Smack label as app identifier
In Tizen Cynara policies should use application Smack label as application
identifier. Services using Cynara will be based on that assumption.
Previously security-manager incorrectly used pkgId as app identifier.
Change-Id: I31f59e3c6a037cc3730936963b10a1e7bcb008e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 29 Aug 2014 16:34:49 +0000 (18:34 +0200)]
Refactoring: there will be only one service
Security-manager started with installer service implementation. It was
created in a way supporting future creation of other services, working
in separate threads and listening on separate sockets. Such design is
however not planned for this project. The installer service recently
began to implement methods not related to installation, which begged for
some refactoring.
Hereby the installer service is renamed as just "service". There will be
a single socket and single service for all security-manager functions.
Change-Id: I40e939ded1b0e20c4e92c86738fb62ea4acd4a50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 27 Aug 2014 16:11:53 +0000 (18:11 +0200)]
Fix checking whether application path is inside user's home directory.
Internal function installRequestAuthCheck() making this check contained
few bugs. It didn't canonicalize the home directory. It simply checked
for substring instead of subdirectory ("/home/useruser" shouldn't be
considered as subdirectory of "/home/user"). It relied on PATH_MAX for
realpath() calls, which is broken by design according to function manual.
All of the above issues are now corrected.
Change-Id: I446c50e642b38ecbd1b4997ec5e6f7c9b5032291
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Thu, 7 Aug 2014 13:32:45 +0000 (15:32 +0200)]
Drop libprivilege-control
Change-Id: Ifff71e53ad15d644d50b978bcb979bb492c09f92
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Sebastian Grabowski [Thu, 24 Jul 2014 10:14:26 +0000 (12:14 +0200)]
Changed CYNARA_ADMIN_WILDCARD to proper uid string.
Change-Id: Ic4e9b4d26c3c41a983a4db61bbd557c84ff7c542
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Rafal Krypa [Sun, 13 Jul 2014 22:21:26 +0000 (00:21 +0200)]
Set Cynara policies during application installation and uninstallation
Applied policies will have a wildcard in "user" field. Security-manager
will handle app installation per user soon, so this will also be changed.
Change-Id: I41606fb94b7385426debbcf47a57ba1593dbfc5a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Fri, 1 Aug 2014 12:13:41 +0000 (14:13 +0200)]
Provide move constructor instead of copy constructor for CynaraAdminPolicy
The class stores pointers and owns the memory they point to. Memory is
allocated in constructor and freed in destructor. But copying these
pointers between objects causes double free in destructor. The poiners
should not be copied, only moved.
Now CynaraAdminPolicy will provide custom move constructor. It will be
used by default, since default copy constructor is now deleted.
Change-Id: If6c49184318c54574caff8af74b336dd1c8ddd2f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 1 Aug 2014 12:17:38 +0000 (14:17 +0200)]
Change pthread flag settings in CMake to a more generic construct
Modify the previous commit using proper CMake module for thread library
support.
Change-Id: I1eaf2f8bc3b6ac542e5c81deeba14f68e47af381
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Stephane Desneux [Fri, 25 Jul 2014 11:21:10 +0000 (13:21 +0200)]
Add missing gcc option -pthread to build correctly
Bug-Tizen: TC-1446
Change-Id: I5d2c560a01f867722c3918daa912048f098e3ab6
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
Jan Cybulski [Fri, 18 Jul 2014 13:35:29 +0000 (15:35 +0200)]
Move return codes sent by server to protocols.h
Those codes are not part of security-manager's API
but are used only in communication between client and
server part. Return codes of libsecurity-manager's
functions are defined in enum lib_retcode, so there
is no need in placing additional macros in header file
security-manager.h
Also: fix problems with documentation in those macros
Change-Id: Iaa2f489f2b0a3e9dc3d2aaf74f522451e1b65057
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 12:42:25 +0000 (14:42 +0200)]
Change security_manager_app_install return code
So far, security_manager_app_install returned only
SECURITY_MANAGER_SUCCESS or SECURITY_MANAGER_ERROR_UNKNOWN,
which is not enough now.
Now, there is possibility, that security manager would reject
installation of some applciations on the basis of uid and users
home directory.
This function will return information about that now as return code.
Change-Id: I53b23b8318a756a8fbf4b804e49046cfa5acd4e0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 08:56:11 +0000 (10:56 +0200)]
Register only directories inside user's HOME
Change-Id: I546ba542dea481db2efebb24bbe03e5cd87d7220
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 18 Jul 2014 15:35:41 +0000 (17:35 +0200)]
Add possibility of installing apps for different users
Uid of installing user will be obtained from peer's socket
and will be stored in database.
Change-Id: I0a0edf726b54fc7b28e5f2063186a97eb29479a9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Marcin Lis [Wed, 16 Jul 2014 14:54:59 +0000 (16:54 +0200)]
Cynara: Change the type of exception in CynaraAdminPolicy constructors
It is better to keep exception types unified. That would minimize the number of
"catch" statements.
Change-Id: Id9e5bafef70c7ffb126a60c595505b644d596729
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Rafal Krypa [Fri, 11 Jul 2014 15:50:43 +0000 (17:50 +0200)]
Cynara: implement method for setting policies
Change-Id: I65a1c54c6307a60fba383b9e376c8541908ded59
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Tue, 15 Jul 2014 16:48:14 +0000 (18:48 +0200)]
Logging: Remove the log tag from logs messages
The log tag "SECURITY_MANAGER" and its client's version that were used in dlog
messages are not needed in systemd journal logs, this is redundant information.
It is easy to maintain the source of logs using journalctl.
Change-Id: Ia987cb3e401f46fe15eea210a0c2a9406caa7882
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Mon, 14 Jul 2014 15:58:58 +0000 (17:58 +0200)]
Logging: Refine security manager log printouts
Some of log traces were redundant, some of them carried unhelpul data. This
commit reorganizes calls to log macros to make them more helpful.
Change-Id: I6b814610e32f4c568ce6c8acfae33da0d1878dd0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Jacek Bukarewicz [Fri, 11 Jul 2014 13:40:00 +0000 (15:40 +0200)]
Implement setting process label for the given application
This change introduces functions for setting smack label for
application process. They are intended to be used by the app launcher
on application start.
2 variants have been implemented:
1) security_manager_set_process_label_from_binary
Function extracts smack label from the given application binary and sets
it for the current process
2) security_manager_set_process_label_from_appid
Function computes smack label for given application id and sets it for
current process
Change-Id: I4dfbaf133ec43e292f4ba54023b96a57df439562
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Jacek Bukarewicz [Fri, 11 Jul 2014 13:36:40 +0000 (15:36 +0200)]
Introduce IPC call for getting pkgid from appid
Change-Id: I9e2c05d15c3c4bad60f5bc3b5631226e9980dc24
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Rafal Krypa [Thu, 3 Jul 2014 18:34:41 +0000 (20:34 +0200)]
Initial code for adding rules to Cynara
Adding new class for interface to cynara-admin. No operations implemented
yet, only initialize and destroy.
Change-Id: I1337ae9586c9767fa51c5ffc30671d6b7a758e4c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafał Krypa [Fri, 11 Jul 2014 19:28:21 +0000 (21:28 +0200)]
Refactoring: put code operating on Smack labels in a separate file
Create smack-labels.cpp, containing code for label assignment and file
labeling. Avoid clutter in installer.cpp.
Change-Id: I97f5251e1bfcd53e242cd0117d48539a378fefde
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 3 Jul 2014 17:10:48 +0000 (19:10 +0200)]
Remove code from smack-common.cpp
This code was a legacy from security-server. Contained functions
get_smack_label_from_process() and smack_pid_have_access() won't be used
by security-manager.
Change-Id: I9ddddf4d4d0e4347c7b0b86de96bdcfc0d715b91
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Tue, 8 Jul 2014 14:17:45 +0000 (16:17 +0200)]
Logging: Change the default log provider to systemd journal.
This change replaces the default logging mechanism in the whole security
manager. The dlog provider is not used anymore and it is also excluded from
being build along with the project. Its sources should stay untouched by now.
To verify, first please install this together with the latest security-tests
package. When installed, run tests:
# security-manager-tests --output=text
And after that please check for the presence of traces in journal:
# journalctl --unit=security-manager.service
Please also check for the presence of security-manager-client traces:
# journalctl /usr/bin/security-manager-tests
Change-Id: I4af35d29a6a61d3a5a0bc4c3508bb872206a2f23
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Tue, 8 Jul 2014 10:48:22 +0000 (12:48 +0200)]
Logging: Add systemd journal log provider
The logging style inherited from the security-server needs to be adjusted to
Tizen 3.0 logging fashion. The dlog utility is no longer available, the systemd
journal is in use now.
Change-Id: I16c3f7348b60194c31a8bdcc0897f5ee9ec5aea0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Wed, 9 Jul 2014 15:42:23 +0000 (17:42 +0200)]
Logging: Remove macros and methods for Secure* logs.
Secure logs, inherited from security-server are no longer needed.
Replace calls to Secure* logs with their non-secure equivalents.
This is an initial commit in logging adaptation series. It should be
verified by successful build.
Change-Id: I908851f8927c46474489a6bf5053f480d65ac22d
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 13:55:52 +0000 (15:55 +0200)]
Use PrivilegeDb in installer code
Recently added and tuned PrivilegeDb is finally ready to provide information
for application installation and uninstallation.
Change-Id: Ia6560b4ce7488670f999a57c415c9a402e6b3f2e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 13:00:17 +0000 (15:00 +0200)]
PrivilegeDb: don't require pkgId argument for application removal
Drop second argument (pkgId) from RemoveApplication() method.
Add new public method GetAppPkgId() for getting application's pkgId and
use it inside RemoveApplication().
This is needed because uninstallation request will contain only appId.
Change-Id: Ic7f618a9c223a501e61a167fb7870e22e1926e20
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 09:54:29 +0000 (11:54 +0200)]
PrivilegeDb: drop TPrivilegesList typedef
The typedef cluttered the code without adding any significant value.
Change-Id: I7dacf9c7b46e68087a248acd907e208e6aa76c52
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 09:39:20 +0000 (11:39 +0200)]
Rework PrivilegeDb interface for setting application privileges
While integrating installer code with PrivilegeDb, the existing method for
setting privileges was found to be inadequate. It also would need further
complication to actually do what it was supposed to do.
New UpdateAppPrivileges() method now only updates privileges for application.
To calculate which privileges were added and which removed for the package,
installer will use GetPkgPrivileges() twice: before and after calling
UpdateAppPrivileges(). All three method calls must be done inside transaction.
Change-Id: Ib7e1b8a6b1482c6dcd8b7146c48187797e237bd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 14:52:15 +0000 (16:52 +0200)]
Unify internal naming convention: permission => privilege
Part 2: rename SQL file.
Change-Id: I76bb618197cb3c744550156fc5a6d58e9266c4ed
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 14:51:23 +0000 (16:51 +0200)]
Unify internal naming convention: permission => privilege
Words "permission" and "privilege" were used interchangeably throughout the
code. It was decided that security-manager will manage "application
privileges", as they are called in several Tizen documents.
Places calling them "permissions" were edited for unification.
Change-Id: I7db701ceb55237457258d63b2b7347aae50852ce
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 11:34:43 +0000 (13:34 +0200)]
In PrivilegeDb use function instead of macro for common exception handling
Reuse concept appearing in client-common.h to write repeated exception
handling code only once. It is based on C++11 lamba function feature, which
is superior to legacy macro in terms of type safety and debuggability.
Change-Id: If8f11246b97e7f10aa173d35018f5384527b16ee
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 30 Jun 2014 11:24:04 +0000 (13:24 +0200)]
Change return type from bool to void for some methods of PrivilegeDb
Methods GetPkgPermissions, AddApplication, RemoveApplication and
UpdatePermissions had return type set to void. But they didn't return
anything useful. The actual return value was always true or exception
throw.
Changing the types to void will also make usage of these methods simpler.
Change-Id: Id588c314c6aa1af0ea3c17ed02d0f6bf20411193
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 27 Jun 2014 16:53:46 +0000 (18:53 +0200)]
Adjust code formatting in privilege_db.cpp
Align formatting of function definitions with the rest of the code.
Change-Id: I10fe2b0f69f3bed1bc459af0c56e57a557c20f32
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 12:52:07 +0000 (14:52 +0200)]
spec: add missing calls do ldconfig on %post and %postun
The main package also contains a library, so it should call ldconfig.
Problem reported by rpmlint.
Change-Id: Id9fdd874f725e1793f155d2766b8a25fee2df4db
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 1 Jul 2014 10:38:44 +0000 (12:38 +0200)]
Fix buld break on x86_64, regression in
3e62e851
Unify systemd installation directories between spec and CMake, avoiding
problems on x86_64 (/usr/lib64 vs. /usr/lib).
Change-Id: I5db9cf50978f20d318f7d11349d5437b184b394f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 26 Jun 2014 17:37:47 +0000 (19:37 +0200)]
Generate database during build, include it in the package
Initialized, empty sqlite database will be included into security-manager
package to enable integration with the code.
Change-Id: I3e5389d15a9e3a370941ef70f425da765bfc2690
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 26 Jun 2014 16:31:54 +0000 (18:31 +0200)]
Don't hardcode path to /etc/smack
Use libtizen-platform-config for getting path of Smack configuration.
Change-Id: I214594931705cd3dafa27a64e7800e82b96c0ced
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 26 Jun 2014 15:15:02 +0000 (17:15 +0200)]
Use variables instead of hardcoded paths to /usr/bin and /usr/lib
Change-Id: If329d3346ccb1da5c2c697c5a90d81c77a977077
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Sasiak [Fri, 6 Jun 2014 14:11:08 +0000 (16:11 +0200)]
Privilege database access implementation
Adding convenience methods for accessing privilege
database and performing queries on it.
Change-Id: I34d8986ec1315ce46f7f5bc462d746df81e7e432
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
Krzysztof Sasiak [Fri, 6 Jun 2014 13:57:58 +0000 (15:57 +0200)]
SQL Schema of privileges database
Schema definition for the priviliges database that will be used
in security manager.
Change-Id: I1fd2516e8d70e00fc32a0ea4f8449a3a85020cf7
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
Rafal Krypa [Tue, 24 Jun 2014 15:49:05 +0000 (17:49 +0200)]
Remove fstream_accessors.h from DPL
- It is not used in security-manager
- In fact it was never a part of DPL, but an addition by security-server
Change-Id: Ia9803ea90cfe8f1a20ab072717c6d9895fb1d89a
Rafal Krypa [Tue, 24 Jun 2014 11:21:37 +0000 (13:21 +0200)]
Move smack_check from common to server
This function is used only in server. By moving it from common it is now
possible to not link libsecurity-manager-common with libsmack.
Change-Id: If2b8eb8dc252ff21416ab4e075a5471f5647b98a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 24 Jun 2014 11:19:54 +0000 (13:19 +0200)]
Build security-manager-common with SqlConnection
Also adding build dependencies on sqlite3, db-util and boost.
Change-Id: I65d55bfd30a600aab19bee489ef20b94b69b45a6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 Jun 2014 15:52:33 +0000 (17:52 +0200)]
Refactoring of directory structure and CMake files
Directory structure inherited from security-server is confusing and doesn't
separate components that form the project.
New structure consists of the following directories:
* src/include - public security-manager interface
* src/dpl - sources and includes borrowed from wrt-commons dpl
* src/common - sources of libsecurity-manager-common library
* src/client - sources of libsecurity-manager-client library
* src/server - sources of security-manager binary
* pc - template of pkg-config file
Additionally common, client and server include files have been moved into
"include" subdirectory in each source dir.
CMake files are now more hierarchical, with separete file per component.
Previously not checked dependency on libcap is now checked in server CMake.
Library versioning is aligned with package versioning of security-manager.
Version of libsecurity-manager-common is better parametrized.
Change-Id: I8db728e53f912db2b15109f5502def7fc105f77f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 Jun 2014 15:32:41 +0000 (17:32 +0200)]
Make generateAppLabel() a static funcion of SmackRules class
Eliminate security-manager-common.cpp containing a single function, which
now logically belongs to SmackRules class.
Change-Id: I5e7c063a5980d97b67c7f9640812d9890e24b2c7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 Jun 2014 14:25:23 +0000 (16:25 +0200)]
Use std::stringstream for parsing Smack rules
This leads to simpler and more robust implementation of SmackRules class.
Change-Id: I806da78fd6b95b9edcbb21b71c13e9bcb10b10df
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Jun 2014 14:08:22 +0000 (16:08 +0200)]
DPL: changing namespace of imported classes to SecurityManager
DPL code uses DPL namespace, moving it to SecurityManager.
Change-Id: I89f1c6c8b965085546064856045145c9c6d0ac3a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Jun 2014 14:05:25 +0000 (16:05 +0200)]
DPL: work around for build warnings with -Werror
DPL::SqlConnection::ExecCommand() is marked as deprecated to warn it's users.
It's not deprecated, but could cause SQL Injection. This method is also
used internally for transactions.
Such combination causes build warnings. But this repository is built with
-Werror flags and it breaks the build.
Since this method is not needed outside SqlConnection, move it to private
methods and remove the warning.
Change-Id: I088f4736ecca318613b897ef05b12af4cdc1f664
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 2 Jun 2014 17:10:59 +0000 (19:10 +0200)]
DPL: work around for dependency on DPL::Thread
Patch based on work by similar work by Zofia Abramowska.
Include needed parts from DPL::Thread into code of
NaiveSynchronizationObject.
Only NanoSleep() and MiliSleep() methods are needed and the original
DPL::Thread() triggers a large chain of dependencies, including EFL.
Change-Id: Icf8257ca8eeaa5cdbc4d80ceb98d88aceeec7821
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 2 Jun 2014 17:00:44 +0000 (19:00 +0200)]
DPL: import DPL::SqlConnection and dependencies
Import SQLite wrapper class from wrt-commons 0.2.210.
Several dependencies from DPL common imported as needed. Dependency DPL::Thread
has been omitted on purpose, because it caused too many other dependencies.
It will be substituded in a separate patch.
These classes will be used by security-manager. When security-manager gets its
own repository, SqlConnection will be removed from security-server.
Change-Id: I090f73d6912f4ef6b85b313e7b12d20a7fd758a1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 2 Jun 2014 16:52:43 +0000 (18:52 +0200)]
DPL: udate dpl/core/include/dpl/assert.h from latest wrt-commons
Needed to get AssertMsg macro, used in other DPL modules.
Change-Id: Iaca6c09a52e2f6644580d667a6817cfaa777d0a4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 20 Jun 2014 15:58:50 +0000 (17:58 +0200)]
Set myself as contact person for security-manager
Update contact e-mail in source files with appropriate address.
Change-Id: I51ef49d47d870403720a51857dc5d1384afc4e39
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 20 Jun 2014 15:53:48 +0000 (17:53 +0200)]
Remove API for setting allowed users for an app
Removed function security_manager_app_inst_req_add_allowed_user.
It became obsolete when application framework switched to multi-user
support by installing apps for each user separately.
Change-Id: I2c1d3533982d23b45f3226e5eb07619d60b0530f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Jun 2014 14:25:46 +0000 (16:25 +0200)]
Listen on socket passed by systemd
This was previously disabled in security-manager code, because it was
coupled with security-server, which already did that.
Uncommenting the listening code now.
Change-Id: I9e7c5a3a5bde2e29fc74b9918af0a36992533a80
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Jun 2014 13:09:46 +0000 (15:09 +0200)]
Remove SmackAudit() from logging facility
This functionality was needed in security-server to log user space Smack
checks consistently with logs generated by kernel.
Security-manager will never perform such checks.
Change-Id: Ifcc67228b85dedba33330710d1e763dbdfadd996
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Jun 2014 15:07:16 +0000 (17:07 +0200)]
Bump version number to 0.1.0
Make sure that new security-manager packages will have higher version than
previously built packages, before split from security-server repository.
Change-Id: Id7ad7fbbe19ebce514209ad8e8e6cadae77386f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Lis [Wed, 11 Jun 2014 08:39:54 +0000 (10:39 +0200)]
Fix memory leak and add EINTR error handling.
One memory leak was missed in the Installer service.
Introduce retries on EINTR error while trying to open a file.
Also add close() error handling.
This is a cherry pick from security-server repository.
Change-Id: I43b48e12d6e609b24ffda02c7aed199f3b9f02bb
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Jan Cybulski [Wed, 18 Jun 2014 06:56:53 +0000 (08:56 +0200)]
Update readme file
Change-Id: Ia0d04bdc6b56d7b70737e29e53d8e40f5984805e
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Fri, 13 Jun 2014 11:18:45 +0000 (13:18 +0200)]
Comments and defines changed to comply with new project name
Change-Id: Ie931b2a4d7f2c5d7fa688fbbd0b8f062cfb9a818
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>