summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-security/security-manager
diff options
context:
space:
mode:
Diffstat (limited to 'meta-app-framework/recipes-security/security-manager')
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager.inc83
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch50
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch47
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch36
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch117
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch34
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch32
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch47
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch78
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch38
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch40
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch51
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch32
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch122
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch259
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch78
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch34
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend13
-rw-r--r--meta-app-framework/recipes-security/security-manager/security-manager_git.bb27
19 files changed, 0 insertions, 1218 deletions
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager.inc b/meta-app-framework/recipes-security/security-manager/security-manager.inc
deleted file mode 100644
index c6bc123d3..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager.inc
+++ /dev/null
@@ -1,83 +0,0 @@
-DESCRIPTION = "Security manager and utilities"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3"
-
-inherit cmake
-
-B = "${S}"
-
-DEPENDS = " \
- attr \
- boost \
- cynara \
- icu \
- libcap \
- smack \
- sqlite3 \
- systemd \
-"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
-
-TZ_SYS_DB ?= "/var/db/security-manager"
-
-EXTRA_OECMAKE = " \
- -DCMAKE_VERBOSE_MAKEFILE=ON \
- -DVERSION=${PV} \
- -DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
- -DBIN_INSTALL_DIR=${bindir} \
- -DDB_INSTALL_DIR=${TZ_SYS_DB} \
- -DLIB_INSTALL_DIR=${libdir} \
- -DSHARE_INSTALL_PREFIX=${datadir} \
- -DINCLUDE_INSTALL_DIR=${includedir} \
-"
-
-inherit systemd
-SYSTEMD_SERVICE:${PN} = "security-manager.service"
-
-inherit features_check
-REQUIRED_DISTRO_FEATURES += "smack"
-
-# The upstream source code contains the Tizen-specific policy configuration files.
-# To replace them, create a security-manager.bbappend and set the following variable to a
-# space-separated list of policy file names (not URIs!), for example:
-# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile"
-#
-# Leave it empty to use the upstream Tizen policy.
-SECURITY_MANAGER_POLICY ?= ""
-SRC_URI:append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}"
-python do_patch:append () {
- import os
- import shutil
- import glob
- files = d.getVar('SECURITY_MANAGER_POLICY', True).split()
- if files:
- s = d.getVar('S', True)
- workdir = d.getVar('WORKDIR', True)
- for pattern in ['*.profile', '*.list']:
- for old_file in glob.glob(s + '/policy/' + pattern):
- os.unlink(old_file)
- for file in files:
- shutil.copy(file, s + '/policy')
-}
-
-do_install:append () {
- install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants
- ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service
- install -d ${D}/${systemd_unitdir}/system/sockets.target.wants
- ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
-}
-
-RDEPENDS:${PN} += "sqlite3 cynara"
-FILES:${PN} += " \
- ${systemd_unitdir} \
- ${TZ_SYS_DB} \
- ${bindir}/.security-manager-setup \
-"
-
-PACKAGES =+ "${PN}-policy"
-FILES:${PN}-policy = " \
- ${datadir}/${PN} \
- ${bindir}/security-manager-policy-reload \
-"
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
deleted file mode 100644
index 4c91f7fa3..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 935e4e4e746b5ffcda80c80097dc75c2581c1a89 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Wed, 19 Oct 2016 13:45:54 +0200
-Subject: [PATCH] Adapt rules to AGL
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git
-as basis for the integration of security framework. The security framework
-that it provides is an evolution of the security framework of tizen refited
-to the distribution Ostro of Intel. This refit took the decision to simplify
-the model by removing the running label "User". More can be viewed here:
-https://github.com/01org/meta-intel-iot-security/pull/116
-
-This commits adapt the template to the rules that are now needed
-after this evolution.
-
-It also integrates one other evolutions: the shared label becomes User::App-Shared instead
-of User::App::Shared to avoid collision with application of id "Shared".
-
-Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- policy/app-rules-template.smack | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
-index 1311169..b4cd2e3 100644
---- a/policy/app-rules-template.smack
-+++ b/policy/app-rules-template.smack
-@@ -1,12 +1,10 @@
--System ~APP~ rwx
-+System ~APP~ rwxa
-+System ~PKG~ rwxat
- ~APP~ System wx
- ~APP~ System::Shared rx
- ~APP~ System::Run rwxat
- ~APP~ System::Log rwxa
- ~APP~ _ l
--User ~APP~ rwxa
--User ~PKG~ rwxat
--~APP~ User wx
- ~APP~ User::Home rxl
--~APP~ User::App::Shared rwxat
-+~APP~ User::App-Shared rwxat
- ~APP~ ~PKG~ rwxat
---
-2.7.4
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
deleted file mode 100644
index 91ce81963..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3d9d1d83fe298a364f51ad752c17aad461beded3 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Tue, 24 Mar 2015 04:54:03 -0700
-Subject: [PATCH 01/14] systemd: stop using compat libs
-
-libsystemd-journal and libsystemd-daemon are considered obsolete
-in systemd since 2.09 and may not be available (not compiled
-by default).
-
-The code works fine with the current libsystemd, so just
-use that.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- src/common/CMakeLists.txt | 2 +-
- src/server/CMakeLists.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 2da9c3e..968c7c1 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -3,7 +3,7 @@ SET(COMMON_VERSION ${COMMON_VERSION_MAJOR}.0.2)
-
- PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
-- libsystemd-journal
-+ libsystemd
- libsmack
- db-util
- cynara-admin
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 753eb96..6849d76 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -1,6 +1,6 @@
- PKG_CHECK_MODULES(SERVER_DEP
- REQUIRED
-- libsystemd-daemon
-+ libsystemd
- )
-
- FIND_PACKAGE(Boost REQUIRED)
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
deleted file mode 100644
index b6346480b..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From a90515613f09140049b2bdf471fa83d5dd7bad1c Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Wed, 19 Aug 2015 15:02:32 +0200
-Subject: [PATCH 02/14] security-manager-policy-reload: do not depend on GNU
- sed
-
-\U (= make replacement uppercase) is a GNU sed extension which is not
-supported by other sed implementation's (like the one from
-busybox). When using busybox, the bucket for user profiles became
-USER_TYPE_Uadmin instead USER_TYPE_ADMIN.
-
-To make SecurityManager more portable, better use tr to turn the
-bucket name into uppercase.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- policy/security-manager-policy-reload | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..6f211c6 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -33,7 +33,7 @@ END
- find "$POLICY_PATH" -name "usertype-*.profile" |
- while read file
- do
-- bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\U\1|'`"
-+ bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`"
-
- # Re-create the bucket with empty contents
- cyad --delete-bucket=$bucket || true
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
deleted file mode 100644
index d79345e01..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:01:35 -0600
-Subject: [PATCH 03/14] Smack-rules: create two new functions
-
-It let to smack-rules to create multiple set of rules
-related with the privileges.
-
-It runs from the same bases than for a static set of rules on the
-template, but let you add 1 or many templates for different cases.
-
-Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/include/smack-rules.h | 15 +++++++++++
- src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++
- 2 files changed, 59 insertions(+)
-
-diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
-index 91446a7..3ad9dd4 100644
---- a/src/common/include/smack-rules.h
-+++ b/src/common/include/smack-rules.h
-@@ -47,6 +47,8 @@ public:
- void addFromTemplate(const std::vector<std::string> &templateRules,
- const std::string &appId, const std::string &pkgId);
- void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
-+ void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
-+ const std::string &path);
-
- void apply() const;
- void clear() const;
-@@ -74,6 +76,19 @@ public:
- */
- static void installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents);
-+ /**
-+ * Install privileges-specific smack rules.
-+ *
-+ * Function creates smack rules using predefined template. Rules are applied
-+ * to the kernel and saved on persistent storage so they are loaded on system boot.
-+ *
-+ * @param[in] appId - application id that is beeing installed
-+ * @param[in] pkgId - package id that the application is in
-+ * @param[in] pkgContents - a list of all applications in the package
-+ * @param[in] privileges - a list of all prvileges
-+ */
-+ static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
- /**
- * Uninstall package-specific smack rules.
- *
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 3629e0f..922a56f 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
- }
- }
-
-+void SmackRules::addFromTemplateFile(const std::string &appId,
-+ const std::string &pkgId, const std::string &path)
-+{
-+ std::vector<std::string> templateRules;
-+ std::string line;
-+ std::ifstream templateRulesFile(path);
-+
-+ if (!templateRulesFile.is_open()) {
-+ LogError("Cannot open rules template file: " << path);
-+ ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
-+ }
-+
-+ while (std::getline(templateRulesFile, line)) {
-+ templateRules.push_back(line);
-+ }
-+
-+ if (templateRulesFile.bad()) {
-+ LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ }
-+
-+ addFromTemplate(templateRules, appId, pkgId);
-+}
-
- void SmackRules::addFromTemplateFile(const std::string &appId,
- const std::string &pkgId)
-@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
- return path;
- }
-+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-+{
-+ SmackRules smackRules;
-+ std::string appPath = getApplicationRulesFilePath(appId);
-+ smackRules.loadFromFile(appPath);
-+ struct stat buffer;
-+ for (auto privilege : privileges) {
-+ if (privilege.empty())
-+ continue;
-+ std::string fprivilege ( privilege + "-template.smack");
-+ std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ if( stat(path.c_str(), &buffer) == 0)
-+ smackRules.addFromTemplateFile(appId, pkgId, path);
-+ }
-+
-+ if (smack_smackfs_path() != NULL)
-+ smackRules.apply();
-
-+ smackRules.saveToFile(appPath);
-+ updatePackageRules(pkgId, pkgContents);
-+}
- void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents)
- {
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
deleted file mode 100644
index 59d4971ff..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a5979d9d674e400ecd7fcdf5d7589cfa0cfeb492 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:06:23 -0600
-Subject: [PATCH 04/14] app-install: implement multiple set of smack-rules
-
-If it's need it could create load multiple set of smack rules
-related with the privileges.
-It wouldn't affect the case that only the default set of rules is need it.
-
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/service_impl.cpp | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index 7fd621c..ae305d3 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -338,6 +338,12 @@ int appInstall(const app_inst_req &req, uid_t uid)
- LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
- << req.pkgId << ". Applications in package: " << pkgContents.size());
- SmackRules::installApplicationRules(req.appId, req.pkgId, pkgContents);
-+ /*Setup for privileges custom rules*/
-+ LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
-+ << req.pkgId << ". Applications in package: " << pkgContents.size()
-+ << " and Privileges");
-+ SmackRules::installApplicationPrivilegesRules(req.appId, req.pkgId,
-+ pkgContents,req.privileges);
- } catch (const SmackException::Base &e) {
- LogError("Error while applying Smack policy for application: " << e.DumpToString());
- return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
deleted file mode 100644
index 0739f28c7..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 198ba9b9782fda19803e94d2afeff91189ac27af Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
-Date: Wed, 13 Jan 2016 17:30:06 +0100
-Subject: [PATCH 05/14] c++11: replace deprecated auto_ptr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Submitted [https://review.tizen.org/gerrit/#/c/56940/]
-
-Change-Id: Id793c784c9674eef48f346226c094bdd9f7bbda8
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/dpl/core/include/dpl/binary_queue.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/include/dpl/binary_queue.h b/src/dpl/core/include/dpl/binary_queue.h
-index dd03f5e..185b6c7 100644
---- a/src/dpl/core/include/dpl/binary_queue.h
-+++ b/src/dpl/core/include/dpl/binary_queue.h
-@@ -33,7 +33,7 @@ namespace SecurityManager {
- * Binary queue auto pointer
- */
- class BinaryQueue;
--typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-+typedef std::unique_ptr<BinaryQueue> BinaryQueueAutoPtr;
-
- /**
- * Binary stream implemented as constant size bucket list
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
deleted file mode 100644
index 3b8aad98c..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From ec098bf03cea23350ca7d1ea2ad88b9c88228943 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 8 Jan 2016 16:53:46 +0100
-Subject: [PATCH 06/14] socket-manager: removes tizen specific call
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The function 'smack_fgetlabel' is specific to Tizen
-and is no more maintained upstream.
-
-Upstream-Status: Accepted [https://review.tizen.org/gerrit/#/c/56507/]
-
-Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/server/main/socket-manager.cpp | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
-index 94c54c6..5e1a79b 100644
---- a/src/server/main/socket-manager.cpp
-+++ b/src/server/main/socket-manager.cpp
-@@ -30,6 +30,7 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <sys/smack.h>
-+#include <linux/xattr.h>
- #include <sys/un.h>
- #include <sys/stat.h>
- #include <unistd.h>
-@@ -493,9 +494,9 @@ int SocketManager::CreateDomainSocketHelp(
- if (smack_check()) {
- LogInfo("Set up smack label: " << desc.smackLabel);
-
-- if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
-- LogError("Error in smack_fsetlabel");
-- ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
-+ if (0 != smack_set_label_for_file(sockfd, XATTR_NAME_SMACKIPIN, desc.smackLabel.c_str())) {
-+ LogError("Error in smack_set_label_for_file");
-+ ThrowMsg(Exception::InitFailed, "Error in smack_set_label_for_file");
- }
- } else {
- LogInfo("No smack on platform. Socket won't be securied with smack label!");
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
deleted file mode 100644
index bad99d25a..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 9d0791dab4b4df086374c5c0ba2a6558e10e81c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 15:56:27 +0100
-Subject: [PATCH 07/14] removes dependency to libslp-db-utils
-
-Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec
----
- src/common/CMakeLists.txt | 3 ++-
- src/dpl/db/src/sql_connection.cpp | 17 +----------------
- 2 files changed, 3 insertions(+), 17 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 968c7c1..9ae376f 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
- libsystemd
- libsmack
-- db-util
-+ sqlite3
-+ icu-i18n
- cynara-admin
- cynara-client
- )
-diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp
-index fdb4fe4..f49a6dc 100644
---- a/src/dpl/db/src/sql_connection.cpp
-+++ b/src/dpl/db/src/sql_connection.cpp
-@@ -26,7 +26,6 @@
- #include <memory>
- #include <dpl/noncopyable.h>
- #include <dpl/assert.h>
--#include <db-util.h>
- #include <unistd.h>
- #include <cstdio>
- #include <cstdarg>
-@@ -606,16 +605,7 @@ void SqlConnection::Connect(const std::string &address,
-
- // Connect to database
- int result;
-- if (type & Flag::UseLucene) {
-- result = db_util_open_with_options(
-- address.c_str(),
-- &m_connection,
-- flag,
-- NULL);
--
-- m_usingLucene = true;
-- LogPedantic("Lucene index enabled");
-- } else {
-+ (void)type;
- result = sqlite3_open_v2(
- address.c_str(),
- &m_connection,
-@@ -624,7 +614,6 @@ void SqlConnection::Connect(const std::string &address,
-
- m_usingLucene = false;
- LogPedantic("Lucene index disabled");
-- }
-
- if (result == SQLITE_OK) {
- LogPedantic("Connected to DB");
-@@ -653,11 +642,7 @@ void SqlConnection::Disconnect()
-
- int result;
-
-- if (m_usingLucene) {
-- result = db_util_close(m_connection);
-- } else {
- result = sqlite3_close(m_connection);
-- }
-
- if (result != SQLITE_OK) {
- const char *error = sqlite3_errmsg(m_connection);
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
deleted file mode 100644
index 5ece7ef4f..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a1d9b40b4fa2e73d31a53e398c286bffeaae1732 Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Wed, 12 Oct 2016 17:48:55 +0200
-Subject: [PATCH 08/14] Fix gcc6 build
-
-Signed-off-by: ronan <ronan@ot.bzh>
----
- src/client/client-security-manager.cpp | 1 +
- src/common/include/privilege_db.h | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
-index 74a6b30..347cddd 100644
---- a/src/client/client-security-manager.cpp
-+++ b/src/client/client-security-manager.cpp
-@@ -46,6 +46,7 @@
- #include <service_impl.h>
- #include <security-manager.h>
- #include <client-offline.h>
-+#include <linux/xattr.h>
-
- static const char *EMPTY = "";
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 4d73d90..08fb9d6 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -32,6 +32,7 @@
- #include <map>
- #include <stdbool.h>
- #include <string>
-+#include <vector>
-
- #include <dpl/db/sql_connection.h>
- #include <tzplatform_config.h>
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
deleted file mode 100644
index 706eb1a93..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 382379d74221bcc60a0ab70d63430a1c0587b2ec Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Thu, 13 Oct 2016 11:37:47 +0200
-Subject: [PATCH 09/14] Fix Cmake conf for gcc6 build
-
-Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
----
- src/cmd/CMakeLists.txt | 4 +---
- src/server/CMakeLists.txt | 1 -
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
-index ee9a160..aa7a12c 100644
---- a/src/cmd/CMakeLists.txt
-+++ b/src/cmd/CMakeLists.txt
-@@ -1,8 +1,6 @@
- FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options)
-
--INCLUDE_DIRECTORIES(SYSTEM
-- ${Boost_INCLUDE_DIRS}
-- )
-+
-
- INCLUDE_DIRECTORIES(
- ${INCLUDE_PATH}
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 6849d76..9598037 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
-
- INCLUDE_DIRECTORIES(SYSTEM
- ${SERVER_DEP_INCLUDE_DIRS}
-- ${Boost_INCLUDE_DIRS}
- ${Threads_INCLUDE_DIRS}
- )
-
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
deleted file mode 100644
index 0f48c5f68..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8e93699c0f225716f3cd5eff790270ae9e3880f9 Mon Sep 17 00:00:00 2001
-From: Changhyeok Bae <changhyeok.bae@gmail.com>
-Date: Sun, 17 Dec 2017 15:40:58 +0000
-Subject: [PATCH 10/14] gcc-7 requires include <functional> for std::function
-
-Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
----
- src/client/client-common.cpp | 1 +
- src/common/smack-labels.cpp | 1 +
- src/dpl/core/src/binary_queue.cpp | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
-index 883ab8d..1babdf7 100644
---- a/src/client/client-common.cpp
-+++ b/src/client/client-common.cpp
-@@ -31,6 +31,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <unistd.h>
-+#include <functional>
-
- #include <dpl/log/log.h>
- #include <dpl/serialization.h>
-diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
-index 0294a42..1598099 100644
---- a/src/common/smack-labels.cpp
-+++ b/src/common/smack-labels.cpp
-@@ -29,6 +29,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <memory>
-+#include <functional>
- #include <fts.h>
- #include <cstring>
- #include <string>
-diff --git a/src/dpl/core/src/binary_queue.cpp b/src/dpl/core/src/binary_queue.cpp
-index 72817a6..838409f 100644
---- a/src/dpl/core/src/binary_queue.cpp
-+++ b/src/dpl/core/src/binary_queue.cpp
-@@ -26,6 +26,7 @@
- #include <malloc.h>
- #include <cstring>
- #include <new>
-+#include <functional>
-
- namespace SecurityManager {
- BinaryQueue::BinaryQueue() :
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
deleted file mode 100644
index 5c679fc26..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 243b7ffee16558d7cb9b411f49380138efeffca9 Mon Sep 17 00:00:00 2001
-From: Stephane Desneux <stephane.desneux@iot.bzh>
-Date: Fri, 1 Feb 2019 12:26:17 +0000
-Subject: [PATCH 11/14] Fix gcc8 warning/error [-Werror=catch-value=]
-
-Fixes the following warning/error during compile:
-
-src/dpl/core/src/assert.cpp:61:14: error: catching polymorphic type 'class SecurityManager::Exception' by value [-Werror=catch-value=]
-| } catch (Exception) {
-| ^~~~~~~~~
-
-Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
----
- src/dpl/core/src/assert.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/src/assert.cpp b/src/dpl/core/src/assert.cpp
-index 63538a2..fc60ce9 100644
---- a/src/dpl/core/src/assert.cpp
-+++ b/src/dpl/core/src/assert.cpp
-@@ -58,7 +58,7 @@ void AssertProc(const char *condition,
- INTERNAL_LOG("### Function: " << function);
- INTERNAL_LOG(
- "################################################################################");
-- } catch (Exception) {
-+ } catch (Exception const&) {
- // Just ignore possible double errors
- }
-
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
deleted file mode 100644
index 91ccf9ee2..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 5ee51d38575f289c2bf37ed817ef680ed47bb320 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 1 Feb 2019 15:37:44 +0100
-Subject: [PATCH 12/14] Avoid casting from "const T&" to "void*"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Latest version of g++ refuse the cast
-
- reinterpret_cast<void (Service::*)(void*)>(serviceFunction)
-
-I made no investigation to know if the problem
-is coming from the const or not.
-
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- src/server/main/include/service-thread.h | 42 ++++++++++--------------
- 1 file changed, 18 insertions(+), 24 deletions(-)
-
-diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h
-index 964d168..61fdda8 100644
---- a/src/server/main/include/service-thread.h
-+++ b/src/server/main/include/service-thread.h
-@@ -94,7 +94,7 @@ public:
- Join();
- while (!m_eventQueue.empty()){
- auto front = m_eventQueue.front();
-- delete front.eventPtr;
-+ delete front;
- m_eventQueue.pop();
- }
- }
-@@ -104,34 +104,28 @@ public:
- Service *servicePtr,
- void (Service::*serviceFunction)(const T &))
- {
-- EventDescription description;
-- description.serviceFunctionPtr =
-- reinterpret_cast<void (Service::*)(void*)>(serviceFunction);
-- description.servicePtr = servicePtr;
-- description.eventFunctionPtr = &ServiceThread::EventCall<T>;
-- description.eventPtr = new T(event);
-+ EventCallerBase *ec = new EventCaller<T>(event, servicePtr, serviceFunction);
- {
- std::lock_guard<std::mutex> lock(m_eventQueueMutex);
-- m_eventQueue.push(description);
-+ m_eventQueue.push(ec);
- }
- m_waitCondition.notify_one();
- }
-
- protected:
-
-- struct EventDescription {
-- void (Service::*serviceFunctionPtr)(void *);
-- Service *servicePtr;
-- void (ServiceThread::*eventFunctionPtr)(const EventDescription &event);
-- GenericEvent* eventPtr;
-+ struct EventCallerBase {
-+ virtual void fire() = 0;
-+ virtual ~EventCallerBase() {}
- };
-
- template <class T>
-- void EventCall(const EventDescription &desc) {
-- auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr);
-- const T& eventLocale = *(static_cast<T*>(desc.eventPtr));
-- (desc.servicePtr->*fun)(eventLocale);
-- }
-+ struct EventCaller : public EventCallerBase {
-+ T *event; Service *target; void (Service::*function)(const T&);
-+ EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {}
-+ ~EventCaller() { delete event; }
-+ void fire() { (target->*function)(*event); }
-+ };
-
- static void ThreadLoopStatic(ServiceThread *ptr) {
- ptr->ThreadLoop();
-@@ -139,33 +133,33 @@ protected:
-
- void ThreadLoop(){
- for (;;) {
-- EventDescription description = {NULL, NULL, NULL, NULL};
-+ EventCallerBase *ec = NULL;
- {
- std::unique_lock<std::mutex> ulock(m_eventQueueMutex);
- if (m_quit)
- return;
- if (!m_eventQueue.empty()) {
-- description = m_eventQueue.front();
-+ ec = m_eventQueue.front();
- m_eventQueue.pop();
- } else {
- m_waitCondition.wait(ulock);
- }
- }
-
-- if (description.eventPtr != NULL) {
-+ if (ec != NULL) {
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
-- (this->*description.eventFunctionPtr)(description);
-- delete description.eventPtr;
-+ ec->fire();
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-+ delete ec;
- }
- }
- }
-
- std::thread m_thread;
- std::mutex m_eventQueueMutex;
-- std::queue<EventDescription> m_eventQueue;
-+ std::queue<EventCallerBase*> m_eventQueue;
- std::condition_variable m_waitCondition;
-
- State m_state;
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
deleted file mode 100644
index fb6215923..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-From 6c96a39ba7a7763ccd47e379dbfd8d376164985f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 14:26:25 +0100
-Subject: [PATCH 13/14] Removing tizen-platform-config
-
-Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
----
- CMakeLists.txt | 16 +++++++-
- db/CMakeLists.txt | 2 +-
- policy/CMakeLists.txt | 1 +
- ...load => security-manager-policy-reload.in} | 4 +-
- src/common/file-lock.cpp | 4 +-
- src/common/include/file-lock.h | 1 -
- src/common/include/privilege_db.h | 3 +-
- src/common/service_impl.cpp | 39 ++++++-------------
- src/common/smack-rules.cpp | 12 ++----
- 9 files changed, 37 insertions(+), 45 deletions(-)
- rename policy/{security-manager-policy-reload => security-manager-policy-reload.in} (94%)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 28790d8..37a43cc 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -49,7 +49,7 @@ ADD_DEFINITIONS("-Wall") # Generate all warnings
- ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-
- STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
--ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-+ADD_DEFINITIONS("-DAPI_VERSION=\"${API_VERSION}\"")
-
- ADD_DEFINITIONS("-DSMACK_ENABLED")
-
-@@ -58,6 +58,20 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
- ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
- ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
-
-+SET(DATADIR "/usr/share/security-manager" CACHE STRING "path to data directory")
-+SET(SMACKRULESDIR "/etc/smack/accesses.d" CACHE STRING "path to Smack rules directory")
-+SET(LOCKDIR "/var/run/lock" CACHE STRING "path to lock directory")
-+SET(DB_INSTALL_DIR "/var/db/security-manager" CACHE STRING "path to database directory")
-+SET(DB_FILENAME ".security-manager.db" CACHE STRING "basename of database")
-+SET(GLOBALUSER "userapp" CACHE STRING "name of the global user")
-+
-+ADD_DEFINITIONS("-DDATADIR=\"${DATADIR}\"")
-+ADD_DEFINITIONS("-DSMACKRULESDIR=\"${SMACKRULESDIR}\"")
-+ADD_DEFINITIONS("-DLOCKDIR=\"${LOCKDIR}\"")
-+ADD_DEFINITIONS("-DDB_INSTALL_DIR=\"${DB_INSTALL_DIR}\"")
-+ADD_DEFINITIONS("-DDB_FILENAME=\"${DB_FILENAME}\"")
-+ADD_DEFINITIONS("-DGLOBALUSER=\"${GLOBALUSER}\"")
-+
- ADD_SUBDIRECTORY(src)
- ADD_SUBDIRECTORY(pc)
- ADD_SUBDIRECTORY(systemd)
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index 9e8ffcc..d7af1a0 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,4 +1,4 @@
--SET(TARGET_DB ".security-manager.db")
-+SET(TARGET_DB "$(DB_FILENAME)")
-
- ADD_CUSTOM_COMMAND(
- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
-index bd08edc..626a2bd 100644
---- a/policy/CMakeLists.txt
-+++ b/policy/CMakeLists.txt
-@@ -1,4 +1,5 @@
- FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
-+CONFIGURE_FILE(security-manager-policy-reload.in security-manager-policy-reload @ONLY)
- INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload.in
-similarity index 94%
-rename from policy/security-manager-policy-reload
-rename to policy/security-manager-policy-reload.in
-index 6f211c6..c1bc4e2 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload.in
-@@ -1,8 +1,8 @@
- #!/bin/sh -e
-
--POLICY_PATH=/usr/share/security-manager/policy
-+POLICY_PATH=@DATADIR@/policy
- PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
--DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
-+DB_FILE=@DB_INSTALL_DIR@/@DB_FILENAME@
-
- # Create default buckets
- while read bucket default_policy
-diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
-index 6f3996c..88d2092 100644
---- a/src/common/file-lock.cpp
-+++ b/src/common/file-lock.cpp
-@@ -30,9 +30,7 @@
-
- namespace SecurityManager {
-
--char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
-- "lock",
-- "security-manager.lock");
-+char const * const SERVICE_LOCK_FILE = LOCKDIR "/security-manager.lock";
-
- FileLocker::FileLocker(const std::string &lockFile, bool blocking)
- {
-diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
-index 604b019..21a86a0 100644
---- a/src/common/include/file-lock.h
-+++ b/src/common/include/file-lock.h
-@@ -29,7 +29,6 @@
-
- #include <dpl/exception.h>
- #include <dpl/noncopyable.h>
--#include <tzplatform_config.h>
-
- namespace SecurityManager {
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 08fb9d6..3344987 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -35,14 +35,13 @@
- #include <vector>
-
- #include <dpl/db/sql_connection.h>
--#include <tzplatform_config.h>
-
- #ifndef PRIVILEGE_DB_H_
- #define PRIVILEGE_DB_H_
-
- namespace SecurityManager {
-
--const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-+const char *const PRIVILEGE_DB_PATH = DB_INSTALL_DIR "/" DB_FILENAME;
-
- enum class QueryType {
- EGetPkgPrivileges,
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index ae305d3..42150fe 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -32,7 +32,6 @@
- #include <algorithm>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "protocols.h"
- #include "privilege_db.h"
-@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
-
- static uid_t getGlobalUserId(void)
- {
-- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-+ static uid_t globaluid = 0;
-+ if (!globaluid) {
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwnam_r(GLOBALUSER, &pw, buf, sizeof buf, &p);
-+ globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
-+ }
- return globaluid;
- }
-
-@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
-
- static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
- {
-- struct tzplatform_context *tz_ctx = nullptr;
--
-- if (tzplatform_context_create(&tz_ctx))
-- return false;
--
-- if (tzplatform_context_set_user(tz_ctx, uid)) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
-+ if (rc || p == NULL)
- return false;
-- }
--
-- enum tzplatform_variable id =
-- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
-- const char *appDir = tzplatform_context_getenv(tz_ctx, id);
-- if (!appDir) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-- return false;
-- }
--
-- userAppDir = appDir;
--
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
--
-+ userAppDir = p->pw_dir;
- return true;
- }
-
- static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
- {
-- std::string userHome;
- std::string userAppDir;
- std::stringstream correctPath;
-
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 922a56f..c2e0041 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -34,7 +34,6 @@
- #include <memory>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "smack-labels.h"
- #include "smack-rules.h"
-@@ -43,7 +42,7 @@ namespace SecurityManager {
-
- const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~";
- const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~";
--const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
-+const char *const APP_RULES_TEMPLATE_FILE_PATH = DATADIR "/policy/app-rules-template.smack";
- const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat";
-
- SmackRules::SmackRules()
-@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
-
- std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/pkg_" + pkgId;
- }
-
- std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/app_" + appId;
- }
- void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
- for (auto privilege : privileges) {
- if (privilege.empty())
- continue;
-- std::string fprivilege ( privilege + "-template.smack");
-- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ std::string path = DATADIR "/policy/" + privilege + "-template.smack";
- if( stat(path.c_str(), &buffer) == 0)
- smackRules.addFromTemplateFile(appId, pkgId, path);
- }
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
deleted file mode 100644
index 542a387d2..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From c7f9d14e38a1b6d40b2fffa01433a3025eff9abd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Tue, 26 Nov 2019 12:34:39 +0100
-Subject: [PATCH 14/14] Ensure post install initialization of database
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Creation of the database was made during image creation,
-leading to issue with SOTA. This adds the creation on
-need before launching the service.
-
-Change-Id: Idfd0676bd87d39f7c10eaafd63f3a318f675c972
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- db/CMakeLists.txt | 14 ++++++--------
- db/security-manager-setup | 14 ++++++++++++++
- systemd/security-manager.service.in | 1 +
- 3 files changed, 21 insertions(+), 8 deletions(-)
- create mode 100644 db/security-manager-setup
-
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index d7af1a0..dcf5bc8 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,12 +1,10 @@
--SET(TARGET_DB "$(DB_FILENAME)")
--
- ADD_CUSTOM_COMMAND(
-- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-- COMMAND sqlite3 ${TARGET_DB} <db.sql
-- )
-+ OUTPUT .security-manager-setup
-+ COMMAND sed '/--DB\.SQL--/r db.sql' security-manager-setup > .security-manager-setup
-+ DEPENDS security-manager-setup db.sql
-+)
-
- # Add a dummy build target to trigger building of ${TARGET_DB}
--ADD_CUSTOM_TARGET(DB ALL DEPENDS ${TARGET_DB})
-+ADD_CUSTOM_TARGET(DB ALL DEPENDS .security-manager-setup)
-
--INSTALL(FILES ${TARGET_DB} DESTINATION ${DB_INSTALL_DIR})
--INSTALL(FILES ${TARGET_DB}-journal DESTINATION ${DB_INSTALL_DIR})
-+INSTALL(PROGRAMS .security-manager-setup DESTINATION ${BIN_INSTALL_DIR})
-diff --git a/db/security-manager-setup b/db/security-manager-setup
-new file mode 100644
-index 0000000..5675baf
---- /dev/null
-+++ b/db/security-manager-setup
-@@ -0,0 +1,14 @@
-+#!/bin/sh
-+
-+if test -f "$1"; then exit; fi
-+set -e
-+dbdir="$(dirname "$1")"
-+dbfile="$(basename "$1")"
-+test -n "$dbfile"
-+test -n "$dbdir"
-+mkdir -p "$dbdir"
-+cd "$dbdir"
-+sqlite3 "$dbfile" << END-OF-CAT
-+--DB.SQL--
-+END-OF-CAT
-+
-diff --git a/systemd/security-manager.service.in b/systemd/security-manager.service.in
-index 23fd1b2..2bf97d7 100644
---- a/systemd/security-manager.service.in
-+++ b/systemd/security-manager.service.in
-@@ -3,5 +3,6 @@ Description=Start the security manager
-
- [Service]
- Type=notify
-+ExecStartPre=@BIN_INSTALL_DIR@/.security-manager-setup @DB_INSTALL_DIR@/@DB_FILENAME@
- ExecStart=@BIN_INSTALL_DIR@/security-manager
- Sockets=security-manager.socket
---
-2.21.0
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
deleted file mode 100644
index d9949193b..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7cffcd61378a9d7c0e7db5691b2da3a37448c969 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Thu, 30 Jan 2020 09:19:25 +0100
-Subject: [PATCH 15/15] Restrict socket accesses
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ensure that only members of the group and the owner can access
-the security manager.
-
-Bug-AGL: SPEC-3146
-
-Change-Id: I68ce6523db4bfd4707c3680555c3cb0cf8858ef2
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- systemd/security-manager.socket | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/systemd/security-manager.socket b/systemd/security-manager.socket
-index af1c1da..b401f77 100644
---- a/systemd/security-manager.socket
-+++ b/systemd/security-manager.socket
-@@ -1,6 +1,6 @@
- [Socket]
- ListenStream=/run/security-manager.socket
--SocketMode=0777
-+SocketMode=0660
- SmackLabelIPIn=*
- SmackLabelIPOut=@
-
---
-2.21.1
-
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend
deleted file mode 100644
index ba3365f12..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend
+++ /dev/null
@@ -1,13 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/security-manager:"
-
-EXTRA_OECMAKE =+ " -DGLOBALUSER=afm"
-
-SRC_URI += " \
- file://0001-Adapt-rules-to-AGL.patch \
-"
-
-do_install:append() {
- # Needed for wayland-0 socket access and memfd usage
- echo "~APP~ System::Weston rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
- echo "System::Weston ~APP~ rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
-}
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager_git.bb b/meta-app-framework/recipes-security/security-manager/security-manager_git.bb
deleted file mode 100644
index 95ae69feb..000000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager_git.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-require security-manager.inc
-
-PV = "1.0.2+git${SRCPV}"
-SRCREV = "860305a595d681d650024ad07b3b0977e1fcb0a6"
-SRC_URI += "git://github.com/Samsung/security-manager.git;branch=master;protocol=https"
-S = "${WORKDIR}/git"
-
-SRC_URI += " \
- file://0001-systemd-stop-using-compat-libs.patch \
- file://0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch \
- file://0003-Smack-rules-create-two-new-functions.patch \
- file://0004-app-install-implement-multiple-set-of-smack-rules.patch \
- file://0005-c-11-replace-deprecated-auto_ptr.patch \
- file://0006-socket-manager-removes-tizen-specific-call.patch \
- file://0007-removes-dependency-to-libslp-db-utils.patch \
- file://0008-Fix-gcc6-build.patch \
- file://0009-Fix-Cmake-conf-for-gcc6-build.patch \
- file://0010-gcc-7-requires-include-functional-for-std-function.patch \
- file://0011-Fix-gcc8-warning-error-Werror-catch-value.patch \
- file://0012-Avoid-casting-from-const-T-to-void.patch \
- file://0013-Removing-tizen-platform-config.patch \
- file://0014-Ensure-post-install-initialization-of-database.patch \
- file://0015-Restrict-socket-accesses.patch \
-"
-
-# Use make with cmake and not ninja
-OECMAKE_GENERATOR = "Unix Makefiles"