diff options
author | jin-gyu.kim <jin-gyu.kim@samsung.com> | 2018-05-24 17:23:07 +0900 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2018-07-17 14:07:55 +0000 |
commit | 0667b0a1f5c6f236b5ace84ebc7333571a21adf5 (patch) | |
tree | 7d370e5e4a60bfd54f98dd1174350a12c3e34ac2 | |
parent | e1bfaa916ea326b5826b1ae1ea24eb6232ff67a9 (diff) | |
download | security-manager-0667b0a1f5c6f236b5ace84ebc7333571a21adf5.tar.gz security-manager-0667b0a1f5c6f236b5ace84ebc7333571a21adf5.tar.bz2 security-manager-0667b0a1f5c6f236b5ace84ebc7333571a21adf5.zip |
Retrieve package manager privilege from User::Shell client
When user uses dbus-send in the shell process, these privileges can be allowed.
Therefore, privilege checks for these were meaningless.
pkgcmd tools will have "System" execute label,
so we can remove these privileges from User:Shell client.
Change-Id: I56bb4c3d2ef270fada6ce8725eccb4390e2b718f
-rwxr-xr-x | policy/security-manager-policy-reload.in | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/policy/security-manager-policy-reload.in b/policy/security-manager-policy-reload.in index 26113276..4afc004c 100755 --- a/policy/security-manager-policy-reload.in +++ b/policy/security-manager-policy-reload.in @@ -67,12 +67,6 @@ done # Root shell get access to all privileges cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="0" --privilege="*" --type=ALLOW -# Shell process get access to packagemanager.admin privilege to install applications -cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="*" --privilege="http://tizen.org/privilege/packagemanager.admin" --type=ALLOW - -# Shell process get access to packagemanager.info privilege to debug applications -cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="*" --privilege="http://tizen.org/privilege/packagemanager.info" --type=ALLOW - # Load privilege-group mappings ( echo "BEGIN;" |