diff options
| author | Tomasz Swierczek <t.swierczek@samsung.com> | 2020-04-21 14:21:11 +0200 |
|---|---|---|
| committer | Tomasz Swierczek <t.swierczek@samsung.com> | 2020-04-21 15:34:54 +0200 |
| commit | 437cf25c6b5677b35a9e2f18157cadf986213849 (patch) | |
| tree | b7ae8062fa7fffcf4a5c745128d20c4db239c0d5 | |
| parent | 8ec30a0ad28e54c3f2641b0d79ad487822b17248 (diff) | |
| download | security-manager-437cf25c6b5677b35a9e2f18157cadf986213849.tar.gz security-manager-437cf25c6b5677b35a9e2f18157cadf986213849.tar.bz2 security-manager-437cf25c6b5677b35a9e2f18157cadf986213849.zip | |
Release 1.6.0submit/tizen/20200421.142342
Add RPM package for iptables rules needed for GID-based internet access control
Add new privilege-enforcing mechanism that uses privilege-Smack mapping
Mount namespace enhancements & fixes
With this release, versioning differs from branch tizen_5.5.
With this release, Tizen has 3 mechanisms for controlling internet access:
* nether
- supports mutltiuser
- allows dynamic policy change for app, during application runtime
- complicated support for many protocols, many dependencies (mostly in kernel)
* iptables + privilege-to-GID mapping
- supports multiuser
- dissallows dynamic policy change
- requires patches from upstream kernel & iptables
* privilege-to-Smack mapping
- allows dynamic policy change
- doesn't require any custom kernel changes
- doesn't support simultaneous multiuser
Change-Id: I9984ce4f9a761be9182535ec60ee11dbb13acc77
| -rw-r--r-- | packaging/security-manager.changes | 25 | ||||
| -rw-r--r-- | packaging/security-manager.spec | 2 | ||||
| -rw-r--r-- | pc/security-manager.pc.in | 2 |
3 files changed, 27 insertions, 2 deletions
diff --git a/packaging/security-manager.changes b/packaging/security-manager.changes index 2ef67eb5..db627289 100644 --- a/packaging/security-manager.changes +++ b/packaging/security-manager.changes @@ -1,3 +1,28 @@ +Release: 1.6.0 +Date: 2020.04.21 +Name: Release 1.6.0 +Description: +Fix security_manager_cleanup_app() +Add group mapping for internal/appdebugging privilege +Create new RPM for loading iptables rules at system start +Properly handle nonexisting apps uninstallation +Disable Smack privilege mapping configuration +Fix multi-user detection +Use mount namespace mount points to find running apps +Remove privilege related Smack rules when multi-user is detected +Change privilege related Smack rules on cynara policy change +Remove privilege Smack mapping rules on application uninstallation +Check if smack privilege mapping is enabled +Add Smack template files manager +Split smack API wrapper and rules management +Add restriction for privilege smack mapping rules +Change privilege and privilege status vector names for clarity +Change cynara client check to admin check for allowed privs +Add privilege-Smack mapping +Fix security-manager worker + +############################### + Release: 1.5.22 Date: 2020.04.10 Name: Release 1.5.22 diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec index 17380e14..b5a8d716 100644 --- a/packaging/security-manager.spec +++ b/packaging/security-manager.spec @@ -1,6 +1,6 @@ Name: security-manager Summary: Security manager and utilities -Version: 1.5.22 +Version: 1.6.0 Release: 0 Group: Security/Service License: Apache-2.0 diff --git a/pc/security-manager.pc.in b/pc/security-manager.pc.in index 9ac13bbc..db231789 100644 --- a/pc/security-manager.pc.in +++ b/pc/security-manager.pc.in @@ -5,7 +5,7 @@ includedir=${prefix}/include Name: security-manager Description: Security Manager Package -Version: 1.5.22 +Version: 1.6.0 Requires: Libs: -L${libdir} -lsecurity-manager-client Cflags: -I${includedir}/security-manager |