Diffstat (limited to 'packaging')
-rw-r--r-- | packaging/key-manager-listener.manifest | 13 | ||||
-rw-r--r-- | packaging/key-manager.manifest | 14 | ||||
-rw-r--r-- | packaging/key-manager.spec | 108 |
3 files changed, 56 insertions, 79 deletions
diff --git a/packaging/key-manager-listener.manifest b/packaging/key-manager-listener.manifest deleted file mode 100644 index c3b5d51..0000000 --- a/packaging/key-manager-listener.manifest +++ /dev/null @@ -1,13 +0,0 @@ -<manifest> - <define> - <domain name="key-manager-listener" /> - <request> - <smack request="pkgmgr::info" type="r" /> - <smack request="pkgmgr::db" type="rlx" /> - <smack request="ail::db" type="rlx" /> - </request> - </define> - <request> - <domain name="key-manager-listener" /> - </request> -</manifest> diff --git a/packaging/key-manager.manifest b/packaging/key-manager.manifest index 195c0a5..9e277de 100644 --- a/packaging/key-manager.manifest +++ b/packaging/key-manager.manifest @@ -3,15 +3,27 @@ <domain name="key-manager"/> <request> <smack request="system::use_internet" type="w"/> + <smack request="device::app_logging" type="rw"/> + <smack request="device::sys_logging" type="rw"/> + <smack request="security-server" type="rx"/> + <smack request="sys-assert::core" type="rwxat"/> + <smack request="pkgmgr::info" type="r" /> + <smack request="pkgmgr::db" type="rlx" /> + <smack request="key-manager::api-control" type="w"/> + <smack request="ca-certificates::ssl-certs" type="rx"/> + <smack request="systemd" type="rx"/> + <smack request="connman" type="w"/> </request> <permit> <smack permit="system::use_internet" type="w"/> + <smack permit="connman" type="w"/> </permit> </define> <request> <domain name="key-manager" /> </request> <assign> - <filesystem path="/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh" label="_" exec_label="_"/> + <filesystem path="/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh" label="_" exec_label="none"/> + <filesystem path="/opt/data/ckm" label="key-manager" type="transmutable"/> </assign> </manifest> diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 1d7728a..7a99765 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec 
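Review bot: The added `<smack request="sys-assert::core" type="rwxat"/>` in packaging/key-manager.manifest is the broadest grant in this hunk, and nothing here says why the key-holding domain needs execute and transmute on it. The label name suggests crash reporting; if that is its purpose, dumps of this process may carry key material, so the rule deserves a stated justification or a narrower type. The ten new requests also fold the deleted listener's `pkgmgr::info` and `pkgmgr::db` access into the `key-manager` domain without comments, so a reader cannot tell which rule serves which feature. I would add a short XML comment above each group, for example `<!-- pkgmgr::*: uninstall notifications, formerly key-manager-listener -->`, and one explaining the change from `exec_label="_"` to `exec_label="none"` on the upgrade script.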
@@ -1,3 +1,5 @@ +%define ckm_build_internal_test 0 + Name: key-manager Summary: Central Key Manager and utilities Version: 0.1.13 @@ -6,20 +8,16 @@ Group: System/Security License: Apache-2.0 and BSL-1.0 and PD Source0: %{name}-%{version}.tar.gz Source1001: key-manager.manifest -Source1002: key-manager-listener.manifest -Source1003: libkey-manager-client.manifest -Source1004: libkey-manager-common.manifest +Source1002: libkey-manager-client.manifest +Source1003: libkey-manager-common.manifest BuildRequires: cmake -BuildRequires: zip -BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(openssl) -BuildRequires: libattr-devel -BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(libsystemd-journal) +BuildRequires: pkgconfig(vasum) +BuildRequires: pkgconfig(capi-system-info) BuildRequires: boost-devel -BuildRequires: pkgconfig(security-server) -BuildRequires: model-build-features +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(pkgmgr) Requires: libkey-manager-common = %{version}-%{release} Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig 
@@ -30,23 +28,13 @@ Central Key Manager daemon could be used as secure storage for certificate and private/public keys. It gives API for application to sign and verify (DSA/RSA/ECDSA) signatures. -%package -n key-manager-listener -License: Apache-2.0 -Summary: Package with listener daemon -Group: System/Security -BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(capi-appfw-package-manager) -Requires: libkey-manager-client = %{version}-%{release} - -%description -n key-manager-listener -Listener for central key manager. This daemon is responsible for -receive notification from dbus about uninstall application -and pass them to key-manager daemon. - %package -n libkey-manager-common License: Apache-2.0 Summary: Central Key Manager (common libraries) Group: Development/Libraries +BuildRequires: pkgconfig(dlog) +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libsystemd-journal) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig @@ -57,6 +45,8 @@ Central Key Manager package (common library) License: Apache-2.0 Summary: Central Key Manager (client) Group: Development/Libraries +BuildRequires: pkgconfig(capi-base-common) +BuildRequires: pkgconfig(security-server) Requires: key-manager = %{version}-%{release} Requires: libkey-manager-common = %{version}-%{release} Requires(post): /sbin/ldconfig 
@@ -70,44 +60,52 @@ License: Apache-2.0 Summary: Central Key Manager (client-devel) Group: Development/Libraries BuildRequires: pkgconfig(capi-base-common) -Requires: pkgconfig(capi-base-common) Requires: libkey-manager-client = %{version}-%{release} %description -n libkey-manager-client-devel Central Key Manager package (client-devel) +%if 0%{?ckm_build_internal_test} %package -n key-manager-tests License: Apache-2.0 and BSL-1.0 Summary: Internal test for key-manager Group: Development -Requires: boost-test +BuildRequires: boost-test Requires: key-manager = %{version}-%{release} %description -n key-manager-tests Internal test for key-manager implementation. +%endif %prep %setup -q cp -a %{SOURCE1001} . cp -a %{SOURCE1002} . cp -a %{SOURCE1003} . -cp -a %{SOURCE1004} . %build export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE" export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" + export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " +# password protection enabled +%define ckm_password_protection_disable 0 +# zone disabled on 2.4 +%define ckm_db_per_zone_enable 0 %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ -DCMAKE_VERBOSE_MAKEFILE=ON \ -%if "%{?tizen_profile_name}" == "wearable" - -DPROFILE_TARGET=WEARABLE \ +%if 0%{?ckm_password_protection_disable} + -DPASSWORD_PROTECTION_DISABLE=1 \ %endif -%if "%{?model_build_feature_formfactor}" == "circle" - -DFORM_FACTOR=CIRCLE \ +%if 0%{?ckm_db_per_zone_enable} + -DDB_PER_ZONE_ENABLE=1 \ +%endif +%if 0%{?ckm_build_internal_test} + -DCKM_BUILD_INTERNAL_TEST=1 \ %endif -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" 
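Review bot: `%define ckm_password_protection_disable 0` is placed inside `%build` with only `# password protection enabled` above it, so the switch that passes `-DPASSWORD_PROTECTION_DISABLE=1` is easy to overlook and reads as a double negative. RPM expands `%define` at parse time whatever section it appears in, so this macro and `ckm_db_per_zone_enable` would be clearer next to `%define ckm_build_internal_test 0` at the top of the spec. What the flag compiles out is not visible in this diff, so the comment should say it, along the lines of `# Keep 0 for product images: 1 passes -DPASSWORD_PROTECTION_DISABLE=1 to cmake`. The `%build` section continues past the end of the hunk.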
@@ -121,21 +119,23 @@ cp LICENSE %{buildroot}/usr/share/license/%{name} cp LICENSE.BSL-1.0 %{buildroot}/usr/share/license/%{name}.BSL-1.0 cp LICENSE %{buildroot}/usr/share/license/libkey-manager-client cp LICENSE %{buildroot}/usr/share/license/libkey-manager-control-client -mkdir -p %{buildroot}/etc/security/ mkdir -p %{buildroot}/usr/share/ckm/scripts cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts + +%if 0%{?ckm_build_internal_test} mkdir -p %{buildroot}/usr/share/ckm-db-test cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/ cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/ +%endif %make_install mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants ln -s ../central-key-manager.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager.service -ln -s ../central-key-manager-listener.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service ln -s ../central-key-manager-api-control.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket ln -s ../central-key-manager-api-storage.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket ln -s ../central-key-manager-api-ocsp.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-ocsp.socket +mkdir -p %{buildroot}/opt/data/ckm %clean rm -rf %{buildroot} 
@@ -175,35 +175,13 @@ fi %postun -n libkey-manager-common -p /sbin/ldconfig -%post -n key-manager-listener -systemctl daemon-reload -if [ $1 = 1 ]; then - # installation - systemctl start central-key-manager-listener.service -fi -if [ $1 = 2 ]; then - # update - systemctl restart central-key-manager-listener.service -fi - -%preun -n key-manager-listener -if [ $1 = 0 ]; then - # unistall - systemctl stop central-key-manager-listener.service -fi - -%postun -n key-manager-listener -if [ $1 = 0 ]; then - # unistall - systemctl daemon-reload -fi %files -n key-manager %manifest key-manager.manifest +%defattr(-,system,system,-) %{_bindir}/key-manager %{_unitdir}/multi-user.target.wants/central-key-manager.service %{_unitdir}/central-key-manager.service -%{_unitdir}/central-key-manager.target %{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket %{_unitdir}/central-key-manager-api-control.socket %{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket @@ -212,22 +190,18 @@ fi %{_unitdir}/central-key-manager-api-ocsp.socket %{_datadir}/license/%{name} %{_datadir}/license/%{name}.BSL-1.0 -%{_datadir}/ckm/scripts/*.sql -%attr(444, root, root) %{_datadir}/ckm/scripts/*.sql +%attr(444, system, system) %{_datadir}/ckm/scripts/*.sql /etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh - -%files -n key-manager-listener -%manifest key-manager-listener.manifest -%{_bindir}/key-manager-listener -%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service -%{_unitdir}/central-key-manager-listener.service +%attr(700, system, system) /opt/data/ckm %files -n libkey-manager-common %manifest libkey-manager-common.manifest +%defattr(-,system,system,-) %{_libdir}/libkey-manager-common.so.* %files -n libkey-manager-client %manifest libkey-manager-client.manifest +%defattr(-,system,system,-) %{_libdir}/libkey-manager-client.so.* %{_libdir}/libkey-manager-control-client.so.* %{_libdir}/libsecurity-server-plugin.so* 
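Review bot: `%defattr(-,system,system,-)` under `%files -n key-manager` gives the `system` account ownership of `%{_bindir}/key-manager` and the systemd service and socket units. Assuming the usual owner-writable modes and no Smack rule that prevents it, any process running as that user could then rewrite the daemon binary and the units systemd starts. Only the data directory needs that owner, and `%attr(700, system, system) /opt/data/ckm` in the next hunk already covers it, so I would keep `%defattr(-,root,root,-)` for programs, units and libraries. The same point applies to the `%defattr` lines added for `libkey-manager-common` and `libkey-manager-client` in the next hunk, and to the devel and tests sections further down. It also applies to `%attr(444, system, system)` on the SQL scripts, where the owner can chmod the files writable again.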
@@ -235,7 +209,7 @@ fi %{_datadir}/license/libkey-manager-control-client %files -n libkey-manager-client-devel -%defattr(-,root,root,-) +%defattr(-,system,system,-) %{_libdir}/libkey-manager-client.so %{_libdir}/libkey-manager-control-client.so %{_libdir}/libkey-manager-common.so @@ -248,6 +222,7 @@ fi %{_includedir}/ckm/ckm/ckm-password.h %{_includedir}/ckm/ckm/ckm-pkcs12.h %{_includedir}/ckm/ckm/ckm-raw-buffer.h +%{_includedir}/ckm/ckm/ckm-client-info.h %{_includedir}/ckm/ckm/ckm-type.h %{_includedir}/ckm/ckmc/ckmc-manager.h %{_includedir}/ckm/ckmc/ckmc-control.h @@ -255,9 +230,12 @@ fi %{_includedir}/ckm/ckmc/ckmc-type.h %{_libdir}/pkgconfig/*.pc +%if 0%{?ckm_build_internal_test} %files -n key-manager-tests -%defattr(-,root,root,-) +%defattr(-,system,system,-) %{_bindir}/ckm-tests-internal +%{_bindir}/ckm-tests-lcov-internal %{_datadir}/ckm-db-test/testme_ver1.db %{_datadir}/ckm-db-test/testme_ver2.db %{_bindir}/ckm_so_loader +%endif |