[Dev] Update of security framework repositories

Krzysztof Jackiewicz k.jackiewicz at samsung.com
Mon Feb 24 17:50:18 GMT 2014


Dear All,

In order to get mobile profile working we (the Samsung Security Framework Team) have to update several security framework repositories with changes developed by us in parallel with tizen.org. All these commits went through Samsung's gerrit code review and were continuously tested (with tests from security-tests repo). We have also successfully compiled and tested them on tizen.org image. Our changes have been already pushed to sandbox branches in corresponding tizen.org repositories.

Please find the list of affected repositories with changes summary and proposed merge strategy:


*platform/upstream/smack*
There's one major update in smack code - smackload-fast utility for multiline loading startup rules. In addition we have few bug fixes and few modification in systemd's startup scripts for smack service. And last but not least  - switching from 'smackctl apply' to 'smackload-fast' in systemd's smack service.

We have cherry-picked our changes on top of tizen branch and pushed them to sandbox:
https://review.tizen.org/gerrit/gitweb?p=platform%2Fupstream%2Fsmack.git;a=shortlog;h=refs%2Fheads%2Fsandbox%2Fzjasinski%2Fsamsung_devel

We'd like to do a fast-forward merge of sandbox and tizen branch.


*platform/core/security/libprivilege-control*
One major internal change - use of sqlite3 database instead of plain files for privileges & apps associations. 
Extended and updated API: new naming convention, new app permission querying & management functions.

Our branch and tizen.org one have a common history but there were a lot of changes on both sides since they diverged so we decided to merge them. The merge have been submitted to gerrit for review:
https://review.tizen.org/gerrit/#/c/16834/

*platform/core/security/security-server*
- Rewriten all code, removed unused api
- Split code into modules (like: cookies, password, open_for, data_share).
- Each module has own socket
- Each socket may have different label
- Add support for systemd (systemd creates socket and set up labels).
Please note: currently all labels for sockets are set to "*" because of "policy reset" made on tizen.org

Security-server changes have been cherry-picked on top of tizen.org/tizen branch. It's available on sandbox branch:
https://review.tizen.org/gerrit/gitweb?p=platform%2Fcore%2Fsecurity%2Fsecurity-server.git;a=shortlog;h=refs%2Fheads%2Fsandbox%2Fade%2Fsamsung_devel

We'd like to perform a fast-forward merge of sandbox and tizen branch.


*platform/core/test/security-tests*
This is a new repo that covers tests for three repos above. We'd like to do a fast-forward merge of sandbox and tizen branch:
https://review.tizen.org/gerrit/gitweb?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=shortlog;h=refs%2Fheads%2Fsandbox%2Fmniesluchow%2Fsamsung_devel


Please let us know if you have any objections or comments.

Best regards,

--
Krzysztof Jackiewicz
Samsung R&D Institute Poland
Samsung Electronics
k.jackiewicz at samsung.com



More information about the Dev mailing list