summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-security/security-manager
diff options
context:
space:
mode:
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>2020-12-08 11:12:45 +0100
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2020-12-17 13:59:52 +0000
commit1c3c06842ac1b9c089d0a08e91c60f44e4844fac (patch)
tree21e97368be8f78a3e76b66dfda24c1d5e774519f /meta-security/recipes-security/security-manager
parentc1e048fc05542d859115990312e0753ce2dea72e (diff)
SPEC-3723: restructure meta-agl
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo. v2: changed to bbapend + .inc , added description v3: testbuild of all images v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups. v5: rebased v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test v7: Fixed comments from Paul Barker v8: Update the markdown files v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend Description: This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change. The resulting meta-agl/* follows these guidelines: - only bsp adaptations in meta-agl-bsp - remove the agl-profile-* layers for simplicity -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo - meta-agl-profile-core is now meta-agl-core - meta-agl-core does pass yocto-check-layer -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization - meta-agl/meta-security has been merged into meta-agl/meta-app-framework - meta-netboot does pass yocto-check-layer - meta-pipewire does pass yocto-check-layer Migration: All packagegroups are preserved but they're now enabled by 'agl-demo'. Bug-AGL: SPEC-3723 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769
Diffstat (limited to 'meta-security/recipes-security/security-manager')
-rw-r--r--meta-security/recipes-security/security-manager/security-manager.inc83
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch47
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch36
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch117
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch34
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch32
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch47
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch78
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch38
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch40
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch51
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch32
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch122
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch259
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch78
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch34
-rw-r--r--meta-security/recipes-security/security-manager/security-manager_git.bb27
17 files changed, 0 insertions, 1155 deletions
diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc
deleted file mode 100644
index e1d1f4011..000000000
--- a/meta-security/recipes-security/security-manager/security-manager.inc
+++ /dev/null
@@ -1,83 +0,0 @@
-DESCRIPTION = "Security manager and utilities"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3"
-
-inherit cmake
-
-B = "${S}"
-
-DEPENDS = " \
- attr \
- boost \
- cynara \
- icu \
- libcap \
- smack \
- sqlite3 \
- systemd \
-"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
-
-TZ_SYS_DB ?= "/var/db/security-manager"
-
-EXTRA_OECMAKE = " \
- -DCMAKE_VERBOSE_MAKEFILE=ON \
- -DVERSION=${PV} \
- -DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
- -DBIN_INSTALL_DIR=${bindir} \
- -DDB_INSTALL_DIR=${TZ_SYS_DB} \
- -DLIB_INSTALL_DIR=${libdir} \
- -DSHARE_INSTALL_PREFIX=${datadir} \
- -DINCLUDE_INSTALL_DIR=${includedir} \
-"
-
-inherit systemd
-SYSTEMD_SERVICE_${PN} = "security-manager.service"
-
-inherit features_check
-REQUIRED_DISTRO_FEATURES += "smack"
-
-# The upstream source code contains the Tizen-specific policy configuration files.
-# To replace them, create a security-manager.bbappend and set the following variable to a
-# space-separated list of policy file names (not URIs!), for example:
-# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile"
-#
-# Leave it empty to use the upstream Tizen policy.
-SECURITY_MANAGER_POLICY ?= ""
-SRC_URI_append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}"
-python do_patch_append () {
- import os
- import shutil
- import glob
- files = d.getVar('SECURITY_MANAGER_POLICY', True).split()
- if files:
- s = d.getVar('S', True)
- workdir = d.getVar('WORKDIR', True)
- for pattern in ['*.profile', '*.list']:
- for old_file in glob.glob(s + '/policy/' + pattern):
- os.unlink(old_file)
- for file in files:
- shutil.copy(file, s + '/policy')
-}
-
-do_install_append () {
- install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants
- ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service
- install -d ${D}/${systemd_unitdir}/system/sockets.target.wants
- ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
-}
-
-RDEPENDS_${PN} += "sqlite3 cynara"
-FILES_${PN} += " \
- ${systemd_unitdir} \
- ${TZ_SYS_DB} \
- ${bindir}/.security-manager-setup \
-"
-
-PACKAGES =+ "${PN}-policy"
-FILES_${PN}-policy = " \
- ${datadir}/${PN} \
- ${bindir}/security-manager-policy-reload \
-"
diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch b/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
deleted file mode 100644
index 91ce81963..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3d9d1d83fe298a364f51ad752c17aad461beded3 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Tue, 24 Mar 2015 04:54:03 -0700
-Subject: [PATCH 01/14] systemd: stop using compat libs
-
-libsystemd-journal and libsystemd-daemon are considered obsolete
-in systemd since 2.09 and may not be available (not compiled
-by default).
-
-The code works fine with the current libsystemd, so just
-use that.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- src/common/CMakeLists.txt | 2 +-
- src/server/CMakeLists.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 2da9c3e..968c7c1 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -3,7 +3,7 @@ SET(COMMON_VERSION ${COMMON_VERSION_MAJOR}.0.2)
-
- PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
-- libsystemd-journal
-+ libsystemd
- libsmack
- db-util
- cynara-admin
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 753eb96..6849d76 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -1,6 +1,6 @@
- PKG_CHECK_MODULES(SERVER_DEP
- REQUIRED
-- libsystemd-daemon
-+ libsystemd
- )
-
- FIND_PACKAGE(Boost REQUIRED)
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch b/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
deleted file mode 100644
index b6346480b..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From a90515613f09140049b2bdf471fa83d5dd7bad1c Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Wed, 19 Aug 2015 15:02:32 +0200
-Subject: [PATCH 02/14] security-manager-policy-reload: do not depend on GNU
- sed
-
-\U (= make replacement uppercase) is a GNU sed extension which is not
-supported by other sed implementation's (like the one from
-busybox). When using busybox, the bucket for user profiles became
-USER_TYPE_Uadmin instead USER_TYPE_ADMIN.
-
-To make SecurityManager more portable, better use tr to turn the
-bucket name into uppercase.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- policy/security-manager-policy-reload | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..6f211c6 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -33,7 +33,7 @@ END
- find "$POLICY_PATH" -name "usertype-*.profile" |
- while read file
- do
-- bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\U\1|'`"
-+ bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`"
-
- # Re-create the bucket with empty contents
- cyad --delete-bucket=$bucket || true
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
deleted file mode 100644
index d79345e01..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:01:35 -0600
-Subject: [PATCH 03/14] Smack-rules: create two new functions
-
-It let to smack-rules to create multiple set of rules
-related with the privileges.
-
-It runs from the same bases than for a static set of rules on the
-template, but let you add 1 or many templates for different cases.
-
-Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/include/smack-rules.h | 15 +++++++++++
- src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++
- 2 files changed, 59 insertions(+)
-
-diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
-index 91446a7..3ad9dd4 100644
---- a/src/common/include/smack-rules.h
-+++ b/src/common/include/smack-rules.h
-@@ -47,6 +47,8 @@ public:
- void addFromTemplate(const std::vector<std::string> &templateRules,
- const std::string &appId, const std::string &pkgId);
- void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
-+ void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
-+ const std::string &path);
-
- void apply() const;
- void clear() const;
-@@ -74,6 +76,19 @@ public:
- */
- static void installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents);
-+ /**
-+ * Install privileges-specific smack rules.
-+ *
-+ * Function creates smack rules using predefined template. Rules are applied
-+ * to the kernel and saved on persistent storage so they are loaded on system boot.
-+ *
-+ * @param[in] appId - application id that is beeing installed
-+ * @param[in] pkgId - package id that the application is in
-+ * @param[in] pkgContents - a list of all applications in the package
-+ * @param[in] privileges - a list of all prvileges
-+ */
-+ static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
- /**
- * Uninstall package-specific smack rules.
- *
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 3629e0f..922a56f 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
- }
- }
-
-+void SmackRules::addFromTemplateFile(const std::string &appId,
-+ const std::string &pkgId, const std::string &path)
-+{
-+ std::vector<std::string> templateRules;
-+ std::string line;
-+ std::ifstream templateRulesFile(path);
-+
-+ if (!templateRulesFile.is_open()) {
-+ LogError("Cannot open rules template file: " << path);
-+ ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
-+ }
-+
-+ while (std::getline(templateRulesFile, line)) {
-+ templateRules.push_back(line);
-+ }
-+
-+ if (templateRulesFile.bad()) {
-+ LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ }
-+
-+ addFromTemplate(templateRules, appId, pkgId);
-+}
-
- void SmackRules::addFromTemplateFile(const std::string &appId,
- const std::string &pkgId)
-@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
- return path;
- }
-+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-+{
-+ SmackRules smackRules;
-+ std::string appPath = getApplicationRulesFilePath(appId);
-+ smackRules.loadFromFile(appPath);
-+ struct stat buffer;
-+ for (auto privilege : privileges) {
-+ if (privilege.empty())
-+ continue;
-+ std::string fprivilege ( privilege + "-template.smack");
-+ std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ if( stat(path.c_str(), &buffer) == 0)
-+ smackRules.addFromTemplateFile(appId, pkgId, path);
-+ }
-+
-+ if (smack_smackfs_path() != NULL)
-+ smackRules.apply();
-
-+ smackRules.saveToFile(appPath);
-+ updatePackageRules(pkgId, pkgContents);
-+}
- void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents)
- {
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch b/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
deleted file mode 100644
index 59d4971ff..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a5979d9d674e400ecd7fcdf5d7589cfa0cfeb492 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:06:23 -0600
-Subject: [PATCH 04/14] app-install: implement multiple set of smack-rules
-
-If it's need it could create load multiple set of smack rules
-related with the privileges.
-It wouldn't affect the case that only the default set of rules is need it.
-
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/service_impl.cpp | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index 7fd621c..ae305d3 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -338,6 +338,12 @@ int appInstall(const app_inst_req &req, uid_t uid)
- LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
- << req.pkgId << ". Applications in package: " << pkgContents.size());
- SmackRules::installApplicationRules(req.appId, req.pkgId, pkgContents);
-+ /*Setup for privileges custom rules*/
-+ LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
-+ << req.pkgId << ". Applications in package: " << pkgContents.size()
-+ << " and Privileges");
-+ SmackRules::installApplicationPrivilegesRules(req.appId, req.pkgId,
-+ pkgContents,req.privileges);
- } catch (const SmackException::Base &e) {
- LogError("Error while applying Smack policy for application: " << e.DumpToString());
- return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch b/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
deleted file mode 100644
index 0739f28c7..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 198ba9b9782fda19803e94d2afeff91189ac27af Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
-Date: Wed, 13 Jan 2016 17:30:06 +0100
-Subject: [PATCH 05/14] c++11: replace deprecated auto_ptr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Submitted [https://review.tizen.org/gerrit/#/c/56940/]
-
-Change-Id: Id793c784c9674eef48f346226c094bdd9f7bbda8
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/dpl/core/include/dpl/binary_queue.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/include/dpl/binary_queue.h b/src/dpl/core/include/dpl/binary_queue.h
-index dd03f5e..185b6c7 100644
---- a/src/dpl/core/include/dpl/binary_queue.h
-+++ b/src/dpl/core/include/dpl/binary_queue.h
-@@ -33,7 +33,7 @@ namespace SecurityManager {
- * Binary queue auto pointer
- */
- class BinaryQueue;
--typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-+typedef std::unique_ptr<BinaryQueue> BinaryQueueAutoPtr;
-
- /**
- * Binary stream implemented as constant size bucket list
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch b/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
deleted file mode 100644
index 3b8aad98c..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From ec098bf03cea23350ca7d1ea2ad88b9c88228943 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 8 Jan 2016 16:53:46 +0100
-Subject: [PATCH 06/14] socket-manager: removes tizen specific call
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The function 'smack_fgetlabel' is specific to Tizen
-and is no more maintained upstream.
-
-Upstream-Status: Accepted [https://review.tizen.org/gerrit/#/c/56507/]
-
-Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/server/main/socket-manager.cpp | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
-index 94c54c6..5e1a79b 100644
---- a/src/server/main/socket-manager.cpp
-+++ b/src/server/main/socket-manager.cpp
-@@ -30,6 +30,7 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <sys/smack.h>
-+#include <linux/xattr.h>
- #include <sys/un.h>
- #include <sys/stat.h>
- #include <unistd.h>
-@@ -493,9 +494,9 @@ int SocketManager::CreateDomainSocketHelp(
- if (smack_check()) {
- LogInfo("Set up smack label: " << desc.smackLabel);
-
-- if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
-- LogError("Error in smack_fsetlabel");
-- ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
-+ if (0 != smack_set_label_for_file(sockfd, XATTR_NAME_SMACKIPIN, desc.smackLabel.c_str())) {
-+ LogError("Error in smack_set_label_for_file");
-+ ThrowMsg(Exception::InitFailed, "Error in smack_set_label_for_file");
- }
- } else {
- LogInfo("No smack on platform. Socket won't be securied with smack label!");
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch b/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
deleted file mode 100644
index bad99d25a..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 9d0791dab4b4df086374c5c0ba2a6558e10e81c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 15:56:27 +0100
-Subject: [PATCH 07/14] removes dependency to libslp-db-utils
-
-Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec
----
- src/common/CMakeLists.txt | 3 ++-
- src/dpl/db/src/sql_connection.cpp | 17 +----------------
- 2 files changed, 3 insertions(+), 17 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 968c7c1..9ae376f 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
- libsystemd
- libsmack
-- db-util
-+ sqlite3
-+ icu-i18n
- cynara-admin
- cynara-client
- )
-diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp
-index fdb4fe4..f49a6dc 100644
---- a/src/dpl/db/src/sql_connection.cpp
-+++ b/src/dpl/db/src/sql_connection.cpp
-@@ -26,7 +26,6 @@
- #include <memory>
- #include <dpl/noncopyable.h>
- #include <dpl/assert.h>
--#include <db-util.h>
- #include <unistd.h>
- #include <cstdio>
- #include <cstdarg>
-@@ -606,16 +605,7 @@ void SqlConnection::Connect(const std::string &address,
-
- // Connect to database
- int result;
-- if (type & Flag::UseLucene) {
-- result = db_util_open_with_options(
-- address.c_str(),
-- &m_connection,
-- flag,
-- NULL);
--
-- m_usingLucene = true;
-- LogPedantic("Lucene index enabled");
-- } else {
-+ (void)type;
- result = sqlite3_open_v2(
- address.c_str(),
- &m_connection,
-@@ -624,7 +614,6 @@ void SqlConnection::Connect(const std::string &address,
-
- m_usingLucene = false;
- LogPedantic("Lucene index disabled");
-- }
-
- if (result == SQLITE_OK) {
- LogPedantic("Connected to DB");
-@@ -653,11 +642,7 @@ void SqlConnection::Disconnect()
-
- int result;
-
-- if (m_usingLucene) {
-- result = db_util_close(m_connection);
-- } else {
- result = sqlite3_close(m_connection);
-- }
-
- if (result != SQLITE_OK) {
- const char *error = sqlite3_errmsg(m_connection);
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
deleted file mode 100644
index 5ece7ef4f..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a1d9b40b4fa2e73d31a53e398c286bffeaae1732 Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Wed, 12 Oct 2016 17:48:55 +0200
-Subject: [PATCH 08/14] Fix gcc6 build
-
-Signed-off-by: ronan <ronan@ot.bzh>
----
- src/client/client-security-manager.cpp | 1 +
- src/common/include/privilege_db.h | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
-index 74a6b30..347cddd 100644
---- a/src/client/client-security-manager.cpp
-+++ b/src/client/client-security-manager.cpp
-@@ -46,6 +46,7 @@
- #include <service_impl.h>
- #include <security-manager.h>
- #include <client-offline.h>
-+#include <linux/xattr.h>
-
- static const char *EMPTY = "";
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 4d73d90..08fb9d6 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -32,6 +32,7 @@
- #include <map>
- #include <stdbool.h>
- #include <string>
-+#include <vector>
-
- #include <dpl/db/sql_connection.h>
- #include <tzplatform_config.h>
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
deleted file mode 100644
index 706eb1a93..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 382379d74221bcc60a0ab70d63430a1c0587b2ec Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Thu, 13 Oct 2016 11:37:47 +0200
-Subject: [PATCH 09/14] Fix Cmake conf for gcc6 build
-
-Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
----
- src/cmd/CMakeLists.txt | 4 +---
- src/server/CMakeLists.txt | 1 -
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
-index ee9a160..aa7a12c 100644
---- a/src/cmd/CMakeLists.txt
-+++ b/src/cmd/CMakeLists.txt
-@@ -1,8 +1,6 @@
- FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options)
-
--INCLUDE_DIRECTORIES(SYSTEM
-- ${Boost_INCLUDE_DIRS}
-- )
-+
-
- INCLUDE_DIRECTORIES(
- ${INCLUDE_PATH}
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 6849d76..9598037 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
-
- INCLUDE_DIRECTORIES(SYSTEM
- ${SERVER_DEP_INCLUDE_DIRS}
-- ${Boost_INCLUDE_DIRS}
- ${Threads_INCLUDE_DIRS}
- )
-
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch b/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
deleted file mode 100644
index 0f48c5f68..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8e93699c0f225716f3cd5eff790270ae9e3880f9 Mon Sep 17 00:00:00 2001
-From: Changhyeok Bae <changhyeok.bae@gmail.com>
-Date: Sun, 17 Dec 2017 15:40:58 +0000
-Subject: [PATCH 10/14] gcc-7 requires include <functional> for std::function
-
-Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
----
- src/client/client-common.cpp | 1 +
- src/common/smack-labels.cpp | 1 +
- src/dpl/core/src/binary_queue.cpp | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
-index 883ab8d..1babdf7 100644
---- a/src/client/client-common.cpp
-+++ b/src/client/client-common.cpp
-@@ -31,6 +31,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <unistd.h>
-+#include <functional>
-
- #include <dpl/log/log.h>
- #include <dpl/serialization.h>
-diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
-index 0294a42..1598099 100644
---- a/src/common/smack-labels.cpp
-+++ b/src/common/smack-labels.cpp
-@@ -29,6 +29,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <memory>
-+#include <functional>
- #include <fts.h>
- #include <cstring>
- #include <string>
-diff --git a/src/dpl/core/src/binary_queue.cpp b/src/dpl/core/src/binary_queue.cpp
-index 72817a6..838409f 100644
---- a/src/dpl/core/src/binary_queue.cpp
-+++ b/src/dpl/core/src/binary_queue.cpp
-@@ -26,6 +26,7 @@
- #include <malloc.h>
- #include <cstring>
- #include <new>
-+#include <functional>
-
- namespace SecurityManager {
- BinaryQueue::BinaryQueue() :
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch b/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
deleted file mode 100644
index 5c679fc26..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 243b7ffee16558d7cb9b411f49380138efeffca9 Mon Sep 17 00:00:00 2001
-From: Stephane Desneux <stephane.desneux@iot.bzh>
-Date: Fri, 1 Feb 2019 12:26:17 +0000
-Subject: [PATCH 11/14] Fix gcc8 warning/error [-Werror=catch-value=]
-
-Fixes the following warning/error during compile:
-
-src/dpl/core/src/assert.cpp:61:14: error: catching polymorphic type 'class SecurityManager::Exception' by value [-Werror=catch-value=]
-| } catch (Exception) {
-| ^~~~~~~~~
-
-Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
----
- src/dpl/core/src/assert.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/src/assert.cpp b/src/dpl/core/src/assert.cpp
-index 63538a2..fc60ce9 100644
---- a/src/dpl/core/src/assert.cpp
-+++ b/src/dpl/core/src/assert.cpp
-@@ -58,7 +58,7 @@ void AssertProc(const char *condition,
- INTERNAL_LOG("### Function: " << function);
- INTERNAL_LOG(
- "################################################################################");
-- } catch (Exception) {
-+ } catch (Exception const&) {
- // Just ignore possible double errors
- }
-
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch b/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
deleted file mode 100644
index 91ccf9ee2..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 5ee51d38575f289c2bf37ed817ef680ed47bb320 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 1 Feb 2019 15:37:44 +0100
-Subject: [PATCH 12/14] Avoid casting from "const T&" to "void*"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Latest version of g++ refuse the cast
-
- reinterpret_cast<void (Service::*)(void*)>(serviceFunction)
-
-I made no investigation to know if the problem
-is coming from the const or not.
-
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- src/server/main/include/service-thread.h | 42 ++++++++++--------------
- 1 file changed, 18 insertions(+), 24 deletions(-)
-
-diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h
-index 964d168..61fdda8 100644
---- a/src/server/main/include/service-thread.h
-+++ b/src/server/main/include/service-thread.h
-@@ -94,7 +94,7 @@ public:
- Join();
- while (!m_eventQueue.empty()){
- auto front = m_eventQueue.front();
-- delete front.eventPtr;
-+ delete front;
- m_eventQueue.pop();
- }
- }
-@@ -104,34 +104,28 @@ public:
- Service *servicePtr,
- void (Service::*serviceFunction)(const T &))
- {
-- EventDescription description;
-- description.serviceFunctionPtr =
-- reinterpret_cast<void (Service::*)(void*)>(serviceFunction);
-- description.servicePtr = servicePtr;
-- description.eventFunctionPtr = &ServiceThread::EventCall<T>;
-- description.eventPtr = new T(event);
-+ EventCallerBase *ec = new EventCaller<T>(event, servicePtr, serviceFunction);
- {
- std::lock_guard<std::mutex> lock(m_eventQueueMutex);
-- m_eventQueue.push(description);
-+ m_eventQueue.push(ec);
- }
- m_waitCondition.notify_one();
- }
-
- protected:
-
-- struct EventDescription {
-- void (Service::*serviceFunctionPtr)(void *);
-- Service *servicePtr;
-- void (ServiceThread::*eventFunctionPtr)(const EventDescription &event);
-- GenericEvent* eventPtr;
-+ struct EventCallerBase {
-+ virtual void fire() = 0;
-+ virtual ~EventCallerBase() {}
- };
-
- template <class T>
-- void EventCall(const EventDescription &desc) {
-- auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr);
-- const T& eventLocale = *(static_cast<T*>(desc.eventPtr));
-- (desc.servicePtr->*fun)(eventLocale);
-- }
-+ struct EventCaller : public EventCallerBase {
-+ T *event; Service *target; void (Service::*function)(const T&);
-+ EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {}
-+ ~EventCaller() { delete event; }
-+ void fire() { (target->*function)(*event); }
-+ };
-
- static void ThreadLoopStatic(ServiceThread *ptr) {
- ptr->ThreadLoop();
-@@ -139,33 +133,33 @@ protected:
-
- void ThreadLoop(){
- for (;;) {
-- EventDescription description = {NULL, NULL, NULL, NULL};
-+ EventCallerBase *ec = NULL;
- {
- std::unique_lock<std::mutex> ulock(m_eventQueueMutex);
- if (m_quit)
- return;
- if (!m_eventQueue.empty()) {
-- description = m_eventQueue.front();
-+ ec = m_eventQueue.front();
- m_eventQueue.pop();
- } else {
- m_waitCondition.wait(ulock);
- }
- }
-
-- if (description.eventPtr != NULL) {
-+ if (ec != NULL) {
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
-- (this->*description.eventFunctionPtr)(description);
-- delete description.eventPtr;
-+ ec->fire();
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-+ delete ec;
- }
- }
- }
-
- std::thread m_thread;
- std::mutex m_eventQueueMutex;
-- std::queue<EventDescription> m_eventQueue;
-+ std::queue<EventCallerBase*> m_eventQueue;
- std::condition_variable m_waitCondition;
-
- State m_state;
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch b/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
deleted file mode 100644
index fb6215923..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-From 6c96a39ba7a7763ccd47e379dbfd8d376164985f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 14:26:25 +0100
-Subject: [PATCH 13/14] Removing tizen-platform-config
-
-Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
----
- CMakeLists.txt | 16 +++++++-
- db/CMakeLists.txt | 2 +-
- policy/CMakeLists.txt | 1 +
- ...load => security-manager-policy-reload.in} | 4 +-
- src/common/file-lock.cpp | 4 +-
- src/common/include/file-lock.h | 1 -
- src/common/include/privilege_db.h | 3 +-
- src/common/service_impl.cpp | 39 ++++++-------------
- src/common/smack-rules.cpp | 12 ++----
- 9 files changed, 37 insertions(+), 45 deletions(-)
- rename policy/{security-manager-policy-reload => security-manager-policy-reload.in} (94%)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 28790d8..37a43cc 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -49,7 +49,7 @@ ADD_DEFINITIONS("-Wall") # Generate all warnings
- ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-
- STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
--ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-+ADD_DEFINITIONS("-DAPI_VERSION=\"${API_VERSION}\"")
-
- ADD_DEFINITIONS("-DSMACK_ENABLED")
-
-@@ -58,6 +58,20 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
- ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
- ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
-
-+SET(DATADIR "/usr/share/security-manager" CACHE STRING "path to data directory")
-+SET(SMACKRULESDIR "/etc/smack/accesses.d" CACHE STRING "path to Smack rules directory")
-+SET(LOCKDIR "/var/run/lock" CACHE STRING "path to lock directory")
-+SET(DB_INSTALL_DIR "/var/db/security-manager" CACHE STRING "path to database directory")
-+SET(DB_FILENAME ".security-manager.db" CACHE STRING "basename of database")
-+SET(GLOBALUSER "userapp" CACHE STRING "name of the global user")
-+
-+ADD_DEFINITIONS("-DDATADIR=\"${DATADIR}\"")
-+ADD_DEFINITIONS("-DSMACKRULESDIR=\"${SMACKRULESDIR}\"")
-+ADD_DEFINITIONS("-DLOCKDIR=\"${LOCKDIR}\"")
-+ADD_DEFINITIONS("-DDB_INSTALL_DIR=\"${DB_INSTALL_DIR}\"")
-+ADD_DEFINITIONS("-DDB_FILENAME=\"${DB_FILENAME}\"")
-+ADD_DEFINITIONS("-DGLOBALUSER=\"${GLOBALUSER}\"")
-+
- ADD_SUBDIRECTORY(src)
- ADD_SUBDIRECTORY(pc)
- ADD_SUBDIRECTORY(systemd)
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index 9e8ffcc..d7af1a0 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,4 +1,4 @@
--SET(TARGET_DB ".security-manager.db")
-+SET(TARGET_DB "$(DB_FILENAME)")
-
- ADD_CUSTOM_COMMAND(
- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
-index bd08edc..626a2bd 100644
---- a/policy/CMakeLists.txt
-+++ b/policy/CMakeLists.txt
-@@ -1,4 +1,5 @@
- FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
-+CONFIGURE_FILE(security-manager-policy-reload.in security-manager-policy-reload @ONLY)
- INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload.in
-similarity index 94%
-rename from policy/security-manager-policy-reload
-rename to policy/security-manager-policy-reload.in
-index 6f211c6..c1bc4e2 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload.in
-@@ -1,8 +1,8 @@
- #!/bin/sh -e
-
--POLICY_PATH=/usr/share/security-manager/policy
-+POLICY_PATH=@DATADIR@/policy
- PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
--DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
-+DB_FILE=@DB_INSTALL_DIR@/@DB_FILENAME@
-
- # Create default buckets
- while read bucket default_policy
-diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
-index 6f3996c..88d2092 100644
---- a/src/common/file-lock.cpp
-+++ b/src/common/file-lock.cpp
-@@ -30,9 +30,7 @@
-
- namespace SecurityManager {
-
--char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
-- "lock",
-- "security-manager.lock");
-+char const * const SERVICE_LOCK_FILE = LOCKDIR "/security-manager.lock";
-
- FileLocker::FileLocker(const std::string &lockFile, bool blocking)
- {
-diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
-index 604b019..21a86a0 100644
---- a/src/common/include/file-lock.h
-+++ b/src/common/include/file-lock.h
-@@ -29,7 +29,6 @@
-
- #include <dpl/exception.h>
- #include <dpl/noncopyable.h>
--#include <tzplatform_config.h>
-
- namespace SecurityManager {
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 08fb9d6..3344987 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -35,14 +35,13 @@
- #include <vector>
-
- #include <dpl/db/sql_connection.h>
--#include <tzplatform_config.h>
-
- #ifndef PRIVILEGE_DB_H_
- #define PRIVILEGE_DB_H_
-
- namespace SecurityManager {
-
--const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-+const char *const PRIVILEGE_DB_PATH = DB_INSTALL_DIR "/" DB_FILENAME;
-
- enum class QueryType {
- EGetPkgPrivileges,
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index ae305d3..42150fe 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -32,7 +32,6 @@
- #include <algorithm>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "protocols.h"
- #include "privilege_db.h"
-@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
-
- static uid_t getGlobalUserId(void)
- {
-- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-+ static uid_t globaluid = 0;
-+ if (!globaluid) {
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwnam_r(GLOBALUSER, &pw, buf, sizeof buf, &p);
-+ globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
-+ }
- return globaluid;
- }
-
-@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
-
- static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
- {
-- struct tzplatform_context *tz_ctx = nullptr;
--
-- if (tzplatform_context_create(&tz_ctx))
-- return false;
--
-- if (tzplatform_context_set_user(tz_ctx, uid)) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
-+ if (rc || p == NULL)
- return false;
-- }
--
-- enum tzplatform_variable id =
-- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
-- const char *appDir = tzplatform_context_getenv(tz_ctx, id);
-- if (!appDir) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-- return false;
-- }
--
-- userAppDir = appDir;
--
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
--
-+ userAppDir = p->pw_dir;
- return true;
- }
-
- static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
- {
-- std::string userHome;
- std::string userAppDir;
- std::stringstream correctPath;
-
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 922a56f..c2e0041 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -34,7 +34,6 @@
- #include <memory>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "smack-labels.h"
- #include "smack-rules.h"
-@@ -43,7 +42,7 @@ namespace SecurityManager {
-
- const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~";
- const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~";
--const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
-+const char *const APP_RULES_TEMPLATE_FILE_PATH = DATADIR "/policy/app-rules-template.smack";
- const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat";
-
- SmackRules::SmackRules()
-@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
-
- std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/pkg_" + pkgId;
- }
-
- std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/app_" + appId;
- }
- void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
- for (auto privilege : privileges) {
- if (privilege.empty())
- continue;
-- std::string fprivilege ( privilege + "-template.smack");
-- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ std::string path = DATADIR "/policy/" + privilege + "-template.smack";
- if( stat(path.c_str(), &buffer) == 0)
- smackRules.addFromTemplateFile(appId, pkgId, path);
- }
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch b/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
deleted file mode 100644
index 542a387d2..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From c7f9d14e38a1b6d40b2fffa01433a3025eff9abd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Tue, 26 Nov 2019 12:34:39 +0100
-Subject: [PATCH 14/14] Ensure post install initialization of database
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Creation of the database was made during image creation,
-leading to issue with SOTA. This adds the creation on
-need before launching the service.
-
-Change-Id: Idfd0676bd87d39f7c10eaafd63f3a318f675c972
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- db/CMakeLists.txt | 14 ++++++--------
- db/security-manager-setup | 14 ++++++++++++++
- systemd/security-manager.service.in | 1 +
- 3 files changed, 21 insertions(+), 8 deletions(-)
- create mode 100644 db/security-manager-setup
-
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index d7af1a0..dcf5bc8 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,12 +1,10 @@
--SET(TARGET_DB "$(DB_FILENAME)")
--
- ADD_CUSTOM_COMMAND(
-- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-- COMMAND sqlite3 ${TARGET_DB} <db.sql
-- )
-+ OUTPUT .security-manager-setup
-+ COMMAND sed '/--DB\.SQL--/r db.sql' security-manager-setup > .security-manager-setup
-+ DEPENDS security-manager-setup db.sql
-+)
-
- # Add a dummy build target to trigger building of ${TARGET_DB}
--ADD_CUSTOM_TARGET(DB ALL DEPENDS ${TARGET_DB})
-+ADD_CUSTOM_TARGET(DB ALL DEPENDS .security-manager-setup)
-
--INSTALL(FILES ${TARGET_DB} DESTINATION ${DB_INSTALL_DIR})
--INSTALL(FILES ${TARGET_DB}-journal DESTINATION ${DB_INSTALL_DIR})
-+INSTALL(PROGRAMS .security-manager-setup DESTINATION ${BIN_INSTALL_DIR})
-diff --git a/db/security-manager-setup b/db/security-manager-setup
-new file mode 100644
-index 0000000..5675baf
---- /dev/null
-+++ b/db/security-manager-setup
-@@ -0,0 +1,14 @@
-+#!/bin/sh
-+
-+if test -f "$1"; then exit; fi
-+set -e
-+dbdir="$(dirname "$1")"
-+dbfile="$(basename "$1")"
-+test -n "$dbfile"
-+test -n "$dbdir"
-+mkdir -p "$dbdir"
-+cd "$dbdir"
-+sqlite3 "$dbfile" << END-OF-CAT
-+--DB.SQL--
-+END-OF-CAT
-+
-diff --git a/systemd/security-manager.service.in b/systemd/security-manager.service.in
-index 23fd1b2..2bf97d7 100644
---- a/systemd/security-manager.service.in
-+++ b/systemd/security-manager.service.in
-@@ -3,5 +3,6 @@ Description=Start the security manager
-
- [Service]
- Type=notify
-+ExecStartPre=@BIN_INSTALL_DIR@/.security-manager-setup @DB_INSTALL_DIR@/@DB_FILENAME@
- ExecStart=@BIN_INSTALL_DIR@/security-manager
- Sockets=security-manager.socket
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch b/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
deleted file mode 100644
index d9949193b..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7cffcd61378a9d7c0e7db5691b2da3a37448c969 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Thu, 30 Jan 2020 09:19:25 +0100
-Subject: [PATCH 15/15] Restrict socket accesses
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ensure that only members of the group and the owner can access
-the security manager.
-
-Bug-AGL: SPEC-3146
-
-Change-Id: I68ce6523db4bfd4707c3680555c3cb0cf8858ef2
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- systemd/security-manager.socket | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/systemd/security-manager.socket b/systemd/security-manager.socket
-index af1c1da..b401f77 100644
---- a/systemd/security-manager.socket
-+++ b/systemd/security-manager.socket
-@@ -1,6 +1,6 @@
- [Socket]
- ListenStream=/run/security-manager.socket
--SocketMode=0777
-+SocketMode=0660
- SmackLabelIPIn=*
- SmackLabelIPOut=@
-
---
-2.21.1
-
diff --git a/meta-security/recipes-security/security-manager/security-manager_git.bb b/meta-security/recipes-security/security-manager/security-manager_git.bb
deleted file mode 100644
index b34973519..000000000
--- a/meta-security/recipes-security/security-manager/security-manager_git.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-require security-manager.inc
-
-PV = "1.0.2+git${SRCPV}"
-SRCREV = "860305a595d681d650024ad07b3b0977e1fcb0a6"
-SRC_URI += "git://github.com/Samsung/security-manager.git"
-S = "${WORKDIR}/git"
-
-SRC_URI += " \
- file://0001-systemd-stop-using-compat-libs.patch \
- file://0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch \
- file://0003-Smack-rules-create-two-new-functions.patch \
- file://0004-app-install-implement-multiple-set-of-smack-rules.patch \
- file://0005-c-11-replace-deprecated-auto_ptr.patch \
- file://0006-socket-manager-removes-tizen-specific-call.patch \
- file://0007-removes-dependency-to-libslp-db-utils.patch \
- file://0008-Fix-gcc6-build.patch \
- file://0009-Fix-Cmake-conf-for-gcc6-build.patch \
- file://0010-gcc-7-requires-include-functional-for-std-function.patch \
- file://0011-Fix-gcc8-warning-error-Werror-catch-value.patch \
- file://0012-Avoid-casting-from-const-T-to-void.patch \
- file://0013-Removing-tizen-platform-config.patch \
- file://0014-Ensure-post-install-initialization-of-database.patch \
- file://0015-Restrict-socket-accesses.patch \
-"
-
-# Use make with cmake and not ninja
-OECMAKE_GENERATOR = "Unix Makefiles"