Age | Commit message (Collapse) | Author | Files | Lines |
|
It is important for developement process and for monitoring
hacking to track violations and to monitor wrong uses or problems.
By activating audit with Smack we ensure that detection and reporting
of hazardous or malicious violations will be possible.
Change-Id: I7808ff17b5b8ba1fb09742fd273f46f06917d26b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
The sockets created by kernel thread will now be
tagged @ instead of _.
This problem was occuring during creation of AF_BLUETOOTH (but is
also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go
through the normal socket creation process within linux).
Having the tag @ allows read/write to sockets without special
rules and tus solve the problem.
This solution from upstream linux patches backported and from
a patch made by Samsung for Tizen and that is currently
discussed within kernel lists.
Also add some improvements of the LSM Smack (valid caching and signal 0).
These improvements are backports of patches already available for
linux 4.9-rc3.
AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293)
Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Change-Id: Ic78464d6e9c07e205b222b3f0f3d49ed1b928ed6
Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
|
|
Since introduction of ambient capabilities,
systemd deprecated the use of Capabilities.
With systemd 229 activated with krogoth,
the use of Capabilities does nothing.
This commits avoids to use SecureBits and Capabilities.
It now relies on the fact that post installations are
setting the capabilities to the file:
- setcap cap_mac_override,cap_dac_override=ep afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon
Using p (permitted) instead of i (inherited) that was
previously used.
It also includes evolutions of the security model to be synchronized
with the deletion of 'User'. The recommended version to use now
is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285.
Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Within app-framework-binder:
- fixes read and write lock (EAGAIN)
- fixes SIGPIPE handling
- improves the documentation
Within app-framework-main:
- improves documentation (for config.xml)
- fixes setting of permissions
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: If860d00204f82ee85ed1fd4ca9ac9820b844085f
|
|
- Adds the handling of a root for HTTP files with the option --roothttp
- Improves API for openning localized data
- Adds the handling of language
Change-Id: Ia0c6e840265595b6e0415e8ea7a9e6585d8bb88d
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
The previous implmentation wasn't enough good to allow
the websocket handshake by any client. In particular,
the Qt client wasn't able to connect to binder's websockets.
Also upgrade to MHD 0.9.49 (compatible with krogoth)
Change-Id: Ib5800a4ff6c3d5e6bb11359266867fde52c06dce
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
- fix event propagation to services
- fix memory leaks
Change-Id: I73432fd9f4a144d2790a7a67d471045048b5e537
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
libafbwsc is a C WebSockets helper library needed for most
native apffw clients, such as the default provided one,
"afb-client-demo".
Change-Id: I321f62cbd6a04bc3e4b91e4de544865c83397979
Signed-off-by: Manuel Bachmann <mbc@iot.bzh>
|
|
also add base bindings needed for most appfw clients:
* af-binder-binding-afb-dbus-binding
* af-binder-binding-authlogin
Change-Id: I19e5da9490ad9316ed172591f4ebd5755934143a
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
This solves a problem with libafbwsc (Websocket Client library)
when used from SDK to build clients (internal dependency fixed).
Change-Id: I137931c72d895679892523a6bd66cc4ecd4ea1a0
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
libafbwsc-dev
Change-Id: If0ce85a3a6ef1e715681c1011e12dad278735e04
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Change-Id: I8d2c85d67eec3c697c6abb072955d5e2de8c5e5f
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
nativesdk-packagegroup-sdk-host
This is required to install app framework sdk tools.
Change-Id: Iad407420fa734c063926d1883c288af387155668
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Change-Id: Ia9c5d33defc23612fda34c01a1f1e7d789c961ad
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Change-Id: I3ce83d0a5cd018d4b77492e4237fc4d297ee312f
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Change-Id: If7481696d130859e87f3110af2d0c5dde25615d6
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
meta-app-framework is a layer containing the AGL App Framework recipes
4 new layers are added for application framework:
* meta-intel-iot-security/meta-security-smack
* meta-intel-iot-security/meta-security-framework
* meta-agl/meta-agl-security
* meta-agl/meta-app-framework
Configuration file changes to support AppFw:
* activation of Smack and Cynara
* modify the tar command to be used to support Smack extended attributes
Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|