summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-security
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/recipes-security')
-rw-r--r--meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch42
-rw-r--r--meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch133
-rw-r--r--meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch57
-rw-r--r--meta-security/recipes-security/audit/audit/audit-volatile.conf1
-rwxr-xr-xmeta-security/recipes-security/audit/audit/auditd153
-rw-r--r--meta-security/recipes-security/audit/audit/auditd.service20
-rw-r--r--meta-security/recipes-security/audit/audit_2.8.5.bb106
-rw-r--r--meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb23
-rw-r--r--meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb30
-rwxr-xr-xmeta-security/recipes-security/cynagora/cynagora/run-ptest4
-rw-r--r--meta-security/recipes-security/cynagora/cynagora_2.1.bb38
-rw-r--r--meta-security/recipes-security/security-manager/security-manager.inc83
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch47
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch36
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch117
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch34
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch32
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch47
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch78
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch38
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch40
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch51
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch32
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch122
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch259
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch78
-rw-r--r--meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch34
-rw-r--r--meta-security/recipes-security/security-manager/security-manager_git.bb27
-rw-r--r--meta-security/recipes-security/smacknet/files/smacknet184
-rw-r--r--meta-security/recipes-security/smacknet/files/smacknet.service11
-rw-r--r--meta-security/recipes-security/smacknet/smacknet.bb29
31 files changed, 0 insertions, 1986 deletions
diff --git a/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch b/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
deleted file mode 100644
index 6e1827c08..000000000
--- a/meta-security/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From df878b92e01f4d1c3de7f7d8229cea6a431509eb Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 19 Feb 2020 15:23:40 +0800
-Subject: [PATCH] lib/i386_table.h: add new syscall
-
-On 32bit system,
-After upgrade glibc to 2.31
- # strace -o /tmp/test.log date -s 09:16:45
- # tail -f /tmp/test.log
- close(3) = 0
- stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0
- clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0
- fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0
- ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0
- write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29
- close(1) = 0
- close(2) = 0
- exit_group(0) = ?
- +++ exited with 0 +++
-
-It means the clock_settime64 syscall is used, so
-add the syscall.
-
-Upstream-Status: Submitted [https://github.com/linux-audit/audit-userspace/pull/116]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- lib/i386_table.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/i386_table.h b/lib/i386_table.h
-index 1a64c88..65fd4d9 100644
---- a/lib/i386_table.h
-+++ b/lib/i386_table.h
-@@ -405,3 +405,4 @@ _S(383, "statx")
- _S(384, "arch_prctl")
- _S(385, "io_pgetevents")
- _S(386, "rseq")
-+_S(404, "clock_settime64")
---
-2.7.4
-
diff --git a/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
deleted file mode 100644
index bb6c61e80..000000000
--- a/meta-security/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Tue, 26 Feb 2019 18:33:33 -0500
-Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
-
-Upstream-Status: Backport
-[https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e]
----
- auparse/auparse.c | 12 +++++++++++-
- auparse/interpret.c | 9 ++++++++-
- configure.ac | 14 +++++++++++++-
- src/ausearch-lol.c | 12 +++++++++++-
- 4 files changed, 43 insertions(+), 4 deletions(-)
-
-diff --git a/auparse/auparse.c b/auparse/auparse.c
-index 650db02..2e1c737 100644
---- a/auparse/auparse.c
-+++ b/auparse/auparse.c
-@@ -1,5 +1,5 @@
- /* auparse.c --
-- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
-+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
-@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /* Returns 0 on success and 1 on error */
- static int extract_timestamp(const char *b, au_event_t *e)
- {
-diff --git a/auparse/interpret.c b/auparse/interpret.c
-index 51c4a5e..67b7b77 100644
---- a/auparse/interpret.c
-+++ b/auparse/interpret.c
-@@ -853,6 +853,13 @@ err_out:
- return print_escaped(id->val);
- }
-
-+// rawmemchr is faster. Let's use it if we have it.
-+#ifdef HAVE_RAWMEMCHR
-+#define STRCHR rawmemchr
-+#else
-+#define STRCHR strchr
-+#endif
-+
- static const char *print_proctitle(const char *val)
- {
- char *out = (char *)print_escaped(val);
-@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
- // Proctitle has arguments separated by NUL bytes
- // We need to write over the NUL bytes with a space
- // so that we can see the arguments
-- while ((ptr = rawmemchr(ptr, '\0'))) {
-+ while ((ptr = STRCHR(ptr, '\0'))) {
- if (ptr >= end)
- break;
- *ptr = ' ';
-diff --git a/configure.ac b/configure.ac
-index 54bdbf1..aef07fb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1,7 +1,7 @@
- dnl
- define([AC_INIT_NOTICE],
- [### Generated automatically using autoconf version] AC_ACVERSION [
--### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
-+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
- ###
- ### Permission is hereby granted, free of charge, to any person obtaining a
- ### copy of this software and associated documentation files (the "Software"),
-@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
- AC_CHECK_FUNCS([posix_fallocate])
- dnl; signalfd is needed for libev
- AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
-+dnl; check if rawmemchr is available
-+AC_CHECK_FUNCS([rawmemchr])
-+dnl; check if strndupa is available
-+AC_LINK_IFELSE(
-+ [AC_LANG_SOURCE(
-+ [[
-+ #define _GNU_SOURCE
-+ #include <string.h>
-+ int main() { (void) strndupa("test", 10); return 0; }]])],
-+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
-+ []
-+)
-
- ALLWARNS=""
- ALLDEBUG="-g"
-diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
-index 5d17a72..758c33e 100644
---- a/src/ausearch-lol.c
-+++ b/src/ausearch-lol.c
-@@ -1,6 +1,6 @@
- /*
- * ausearch-lol.c - linked list of linked lists library
--* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
-+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This software may be freely redistributed and/or modified under the
-@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /*
- * This function will look at the line and pick out pieces of it.
- */
---
-2.7.4
-
diff --git a/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
deleted file mode 100644
index 7c2699540..000000000
--- a/meta-security/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Sun, 19 Jul 2015 02:42:58 +0900
-Subject: [PATCH] audit: Fixed swig host contamination issue
-
-The audit build uses swig to generate a python wrapper.
-Unfortunately, the swig info file references host include
-directories. Some of these were previously noticed and
-eliminated, but the one fixed here was not.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
-Signed-off-by: Joe Slater <jslater@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- bindings/swig/python3/Makefile.am | 3 ++-
- bindings/swig/src/auditswig.i | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index 9938418..fa46aac 100644
---- a/bindings/swig/python3/Makefile.am
-+++ b/bindings/swig/python3/Makefile.am
-@@ -22,6 +22,7 @@
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
- AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-+STDINC ?= /usr/include
- LIBS = $(top_builddir)/lib/libaudit.la
- SWIG_FLAGS = -python -py3 -modern
- SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
- _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
- nodist__audit_la_SOURCES = audit_wrap.c
- audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
-- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
-+ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
-
- CLEANFILES = audit.py* audit_wrap.c *~
-
-diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 7ebb373..424fb68 100644
---- a/bindings/swig/src/auditswig.i
-+++ b/bindings/swig/src/auditswig.i
-@@ -39,7 +39,7 @@ signed
- #define __attribute(X) /*nothing*/
- typedef unsigned __u32;
- typedef unsigned uid_t;
--%include "/usr/include/linux/audit.h"
-+%include "linux/audit.h"
- #define __extension__ /*nothing*/
- #include <stdint.h>
- %include "../lib/libaudit.h"
---
-2.7.4
-
diff --git a/meta-security/recipes-security/audit/audit/audit-volatile.conf b/meta-security/recipes-security/audit/audit/audit-volatile.conf
deleted file mode 100644
index 9cbe1547a..000000000
--- a/meta-security/recipes-security/audit/audit/audit-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d /var/log/audit 0750 root root -
diff --git a/meta-security/recipes-security/audit/audit/auditd b/meta-security/recipes-security/audit/audit/auditd
deleted file mode 100755
index cda2e43d4..000000000
--- a/meta-security/recipes-security/audit/audit/auditd
+++ /dev/null
@@ -1,153 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: auditd
-# Required-Start: $local_fs
-# Required-Stop: $local_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Audit Daemon
-# Description: Collects audit information from Linux 2.6 Kernels.
-### END INIT INFO
-
-# Author: Philipp Matthias Hahn <pmhahn@debian.org>
-# Based on Debians /etc/init.d/skeleton and Auditds init.d/auditd.init
-
-# June, 2012: Adopted for yocto <amy.fong@windriver.com>
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DESC="audit daemon"
-NAME=auditd
-DAEMON=/sbin/auditd
-PIDFILE=/var/run/"$NAME".pid
-SCRIPTNAME=/etc/init.d/"$NAME"
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/"$NAME" ] && . /etc/default/"$NAME"
-
-. /etc/default/rcS
-
-. /etc/init.d/functions
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
- || return 1
- start-stop-daemon -S --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- \
- $EXTRAOPTIONS \
- || return 2
- if [ -f /etc/audit/audit.rules ]
- then
- /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
- fi
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon -K --quiet --pidfile "$PIDFILE" --name "$NAME"
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f "$PIDFILE"
- rm -f /var/run/audit_events
- # Remove watches so shutdown works cleanly
- case "$AUDITD_CLEAN_STOP" in
- no|NO) ;;
- *) /sbin/auditctl -D >/dev/null ;;
- esac
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME
- return 0
-}
-
-if [ ! -e /var/log/audit ]; then
- mkdir -p /var/log/audit
- [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit
-fi
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && echo "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
- 2) [ "$VERBOSE" != no ] && echo 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && echo "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && echo 0 ;;
- 2) [ "$VERBOSE" != no ] && echo 1 ;;
- esac
- ;;
- reload|force-reload)
- echo "Reloading $DESC" "$NAME"
- do_reload
- echo $?
- ;;
- restart)
- echo "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) echo 0 ;;
- 1) echo 1 ;; # Old process is still running
- *) echo 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- echo 1
- ;;
- esac
- ;;
- rotate)
- echo "Rotating $DESC logs" "$NAME"
- start-stop-daemon -K --signal USR1 --quiet --pidfile "$PIDFILE" --name "$NAME"
- echo $?
- ;;
- status)
- pidofproc "$DAEMON" >/dev/null
- status=$?
- if [ $status -eq 0 ]; then
- echo "$NAME is running."
- else
- echo "$NAME is not running."
- fi
- exit $status
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|rotate|status}" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/meta-security/recipes-security/audit/audit/auditd.service b/meta-security/recipes-security/audit/audit/auditd.service
deleted file mode 100644
index ebc079897..000000000
--- a/meta-security/recipes-security/audit/audit/auditd.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-After=systemd-tmpfiles-setup.service
-
-[Service]
-ExecStart=/sbin/auditd -n
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
-## and uncomment the next line and delete/comment out the auditctl line.
-## Then copy existing rules to /etc/audit/rules.d/
-## Not doing this last step can cause loss of existing rules
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-security/recipes-security/audit/audit_2.8.5.bb b/meta-security/recipes-security/audit/audit_2.8.5.bb
deleted file mode 100644
index af36ed5e2..000000000
--- a/meta-security/recipes-security/audit/audit_2.8.5.bb
+++ /dev/null
@@ -1,106 +0,0 @@
-SUMMARY = "User space tools for kernel auditing"
-DESCRIPTION = "The audit package contains the user space utilities for \
-storing and searching the audit records generated by the audit subsystem \
-in the Linux kernel."
-HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
-SECTION = "base"
-LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
- file://Fixed-swig-host-contamination-issue.patch \
- file://0001-lib-i386_table.h-add-new-syscall.patch \
- file://auditd \
- file://auditd.service \
- file://audit-volatile.conf \
-"
-
-S = "${WORKDIR}/git"
-SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
-
-inherit autotools python3native update-rc.d systemd
-
-UPDATERCPN = "auditd"
-INITSCRIPT_NAME = "auditd"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
-
-DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
-
-EXTRA_OECONF += "--without-prelude \
- --with-libwrap \
- --enable-gssapi-krb5=no \
- --with-libcap-ng=yes \
- --with-python3=yes \
- --libdir=${base_libdir} \
- --sbindir=${base_sbindir} \
- --without-python \
- --without-golang \
- --disable-zos-remote \
- "
-EXTRA_OECONF_append_arm = " --with-arm=yes"
-EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes"
-
-EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
- pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
- STDINC='${STAGING_INCDIR}' \
- pkgconfigdir=${libdir}/pkgconfig \
- "
-
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
-interface to the audit system, audispd. These plugins can do things \
-like relay events to remote machines or analyze events for suspicious \
-behavior."
-
-PACKAGES =+ "audispd-plugins"
-PACKAGES += "auditd ${PN}-python"
-
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
-FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
- ${sysconfdir}/audisp/plugins.d/au-remote.conf \
- ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
- "
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-
-CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd += "bash"
-
-do_install_append() {
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
-
- # reuse auditd config
- [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
- mv ${D}/etc/sysconfig/auditd ${D}/etc/default
- rmdir ${D}/etc/sysconfig/
-
- # replace init.d
- install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
- rm -rf ${D}/etc/rc.d
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${sysconfdir}/tmpfiles.d/
- install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
- fi
-
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
- # audit-2.5 doesn't install any rules by default, so we do that here
- mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
- cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
-
- chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
- chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
-
- # Based on the audit.spec "Copy default rules into place on new installation"
- cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
-}
diff --git a/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb b/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb
deleted file mode 100644
index c77c99189..000000000
--- a/meta-security/recipes-security/cynagoauth/cynagoauth_0.1.bb
+++ /dev/null
@@ -1,23 +0,0 @@
-DESCRIPTION = "OAuth server using cynagora backend"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagoauth.git;protocol=https;branch=${AGL_BRANCH}"
-SRCREV = "26a5dbddf3a9bfde481a6fcd2aae16c7ecba665f"
-PV = "0.1+git${SRCPV}"
-
-S = "${WORKDIR}/git"
-
-DEPENDS = "json-c libmicrohttpd openssl cynagora"
-
-inherit cmake
-
-EXTRA_OECMAKE += " \
- -DDEFAULTHOSTS=:7777 \
- -DDEFAULTURL=http://localhost:7777/tok \
- -DUNITDIR_SYSTEM=${systemd_system_unitdir} \
-"
-
-FILES_${PN} += "${systemd_system_unitdir}"
-
-
diff --git a/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb b/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb
deleted file mode 100644
index f146051cd..000000000
--- a/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.1.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-DESCRIPTION = "Cynara service with client libraries"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}"
-SRCREV = "7d7907651c42c5c32deabc17b639e0e1765eae60"
-PV = "2.1+git${SRCPV}"
-
-S = "${WORKDIR}/git"
-
-inherit cmake
-
-PROVIDES = "cynara"
-RPROVIDES_${PN} = "cynara"
-DEPENDS = "libcap"
-RDEPENDS_${PN} = "cynagora"
-
-EXTRA_OECMAKE += " \
- -DWITH_SYSTEMD=OFF \
- -DWITH_CYNARA_COMPAT=ON \
- -DDIRECT_CYNARA_COMPAT=ON \
-"
-
-do_install_append() {
- # remove cynagora stuff
- rm $(find ${D} -name '*cynagora*')
- # remove stupid test
- rm -r ${D}${bindir}
-}
-
diff --git a/meta-security/recipes-security/cynagora/cynagora/run-ptest b/meta-security/recipes-security/cynagora/cynagora/run-ptest
deleted file mode 100755
index f95f0725b..000000000
--- a/meta-security/recipes-security/cynagora/cynagora/run-ptest
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-# test access to cynagora server
-cynagora-admin list > /dev/null
diff --git a/meta-security/recipes-security/cynagora/cynagora_2.1.bb b/meta-security/recipes-security/cynagora/cynagora_2.1.bb
deleted file mode 100644
index 73f2f0949..000000000
--- a/meta-security/recipes-security/cynagora/cynagora_2.1.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-DESCRIPTION = "Cynagora service and client libraries"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}"
-SRCREV = "7d7907651c42c5c32deabc17b639e0e1765eae60"
-PV = "2.1+git${SRCPV}"
-
-S = "${WORKDIR}/git"
-
-DEPENDS = "systemd libcap"
-
-inherit cmake
-
-EXTRA_OECMAKE += " \
- -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
- -DWITH_SYSTEMD=ON \
- -DWITH_CYNARA_COMPAT=OFF \
-"
-
-inherit useradd
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "-r cynagora"
-USERADD_PARAM_${PN} = "\
---system --home ${localstatedir}/lib/empty \
---no-create-home --shell /bin/false \
---gid cynagora cynagora \
-"
-
-FILES_${PN} += "${systemd_system_unitdir}"
-
-PACKAGES =+ "${PN}-tools"
-FILES_${PN}-tools += "${bindir}/cynagora-admin ${bindir}/cynagora-agent"
-RDEPENDS_${PN}_append_agl-devel = " ${PN}-tools"
-
-inherit ptest
-SRC_URI_append = " file://run-ptest"
-RDEPENDS_${PN}-ptest_append = " ${PN}-tools"
diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc
deleted file mode 100644
index e1d1f4011..000000000
--- a/meta-security/recipes-security/security-manager/security-manager.inc
+++ /dev/null
@@ -1,83 +0,0 @@
-DESCRIPTION = "Security manager and utilities"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3"
-
-inherit cmake
-
-B = "${S}"
-
-DEPENDS = " \
- attr \
- boost \
- cynara \
- icu \
- libcap \
- smack \
- sqlite3 \
- systemd \
-"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
-
-TZ_SYS_DB ?= "/var/db/security-manager"
-
-EXTRA_OECMAKE = " \
- -DCMAKE_VERBOSE_MAKEFILE=ON \
- -DVERSION=${PV} \
- -DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
- -DBIN_INSTALL_DIR=${bindir} \
- -DDB_INSTALL_DIR=${TZ_SYS_DB} \
- -DLIB_INSTALL_DIR=${libdir} \
- -DSHARE_INSTALL_PREFIX=${datadir} \
- -DINCLUDE_INSTALL_DIR=${includedir} \
-"
-
-inherit systemd
-SYSTEMD_SERVICE_${PN} = "security-manager.service"
-
-inherit features_check
-REQUIRED_DISTRO_FEATURES += "smack"
-
-# The upstream source code contains the Tizen-specific policy configuration files.
-# To replace them, create a security-manager.bbappend and set the following variable to a
-# space-separated list of policy file names (not URIs!), for example:
-# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile"
-#
-# Leave it empty to use the upstream Tizen policy.
-SECURITY_MANAGER_POLICY ?= ""
-SRC_URI_append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}"
-python do_patch_append () {
- import os
- import shutil
- import glob
- files = d.getVar('SECURITY_MANAGER_POLICY', True).split()
- if files:
- s = d.getVar('S', True)
- workdir = d.getVar('WORKDIR', True)
- for pattern in ['*.profile', '*.list']:
- for old_file in glob.glob(s + '/policy/' + pattern):
- os.unlink(old_file)
- for file in files:
- shutil.copy(file, s + '/policy')
-}
-
-do_install_append () {
- install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants
- ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service
- install -d ${D}/${systemd_unitdir}/system/sockets.target.wants
- ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
-}
-
-RDEPENDS_${PN} += "sqlite3 cynara"
-FILES_${PN} += " \
- ${systemd_unitdir} \
- ${TZ_SYS_DB} \
- ${bindir}/.security-manager-setup \
-"
-
-PACKAGES =+ "${PN}-policy"
-FILES_${PN}-policy = " \
- ${datadir}/${PN} \
- ${bindir}/security-manager-policy-reload \
-"
diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch b/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
deleted file mode 100644
index 91ce81963..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3d9d1d83fe298a364f51ad752c17aad461beded3 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Tue, 24 Mar 2015 04:54:03 -0700
-Subject: [PATCH 01/14] systemd: stop using compat libs
-
-libsystemd-journal and libsystemd-daemon are considered obsolete
-in systemd since 2.09 and may not be available (not compiled
-by default).
-
-The code works fine with the current libsystemd, so just
-use that.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- src/common/CMakeLists.txt | 2 +-
- src/server/CMakeLists.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 2da9c3e..968c7c1 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -3,7 +3,7 @@ SET(COMMON_VERSION ${COMMON_VERSION_MAJOR}.0.2)
-
- PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
-- libsystemd-journal
-+ libsystemd
- libsmack
- db-util
- cynara-admin
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 753eb96..6849d76 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -1,6 +1,6 @@
- PKG_CHECK_MODULES(SERVER_DEP
- REQUIRED
-- libsystemd-daemon
-+ libsystemd
- )
-
- FIND_PACKAGE(Boost REQUIRED)
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch b/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
deleted file mode 100644
index b6346480b..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From a90515613f09140049b2bdf471fa83d5dd7bad1c Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Wed, 19 Aug 2015 15:02:32 +0200
-Subject: [PATCH 02/14] security-manager-policy-reload: do not depend on GNU
- sed
-
-\U (= make replacement uppercase) is a GNU sed extension which is not
-supported by other sed implementation's (like the one from
-busybox). When using busybox, the bucket for user profiles became
-USER_TYPE_Uadmin instead USER_TYPE_ADMIN.
-
-To make SecurityManager more portable, better use tr to turn the
-bucket name into uppercase.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
----
- policy/security-manager-policy-reload | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..6f211c6 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -33,7 +33,7 @@ END
- find "$POLICY_PATH" -name "usertype-*.profile" |
- while read file
- do
-- bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\U\1|'`"
-+ bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`"
-
- # Re-create the bucket with empty contents
- cyad --delete-bucket=$bucket || true
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
deleted file mode 100644
index d79345e01..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:01:35 -0600
-Subject: [PATCH 03/14] Smack-rules: create two new functions
-
-It let to smack-rules to create multiple set of rules
-related with the privileges.
-
-It runs from the same bases than for a static set of rules on the
-template, but let you add 1 or many templates for different cases.
-
-Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/include/smack-rules.h | 15 +++++++++++
- src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++
- 2 files changed, 59 insertions(+)
-
-diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
-index 91446a7..3ad9dd4 100644
---- a/src/common/include/smack-rules.h
-+++ b/src/common/include/smack-rules.h
-@@ -47,6 +47,8 @@ public:
- void addFromTemplate(const std::vector<std::string> &templateRules,
- const std::string &appId, const std::string &pkgId);
- void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
-+ void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
-+ const std::string &path);
-
- void apply() const;
- void clear() const;
-@@ -74,6 +76,19 @@ public:
- */
- static void installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents);
-+ /**
-+ * Install privileges-specific smack rules.
-+ *
-+ * Function creates smack rules using predefined template. Rules are applied
-+ * to the kernel and saved on persistent storage so they are loaded on system boot.
-+ *
-+ * @param[in] appId - application id that is beeing installed
-+ * @param[in] pkgId - package id that the application is in
-+ * @param[in] pkgContents - a list of all applications in the package
-+ * @param[in] privileges - a list of all prvileges
-+ */
-+ static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
- /**
- * Uninstall package-specific smack rules.
- *
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 3629e0f..922a56f 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
- }
- }
-
-+void SmackRules::addFromTemplateFile(const std::string &appId,
-+ const std::string &pkgId, const std::string &path)
-+{
-+ std::vector<std::string> templateRules;
-+ std::string line;
-+ std::ifstream templateRulesFile(path);
-+
-+ if (!templateRulesFile.is_open()) {
-+ LogError("Cannot open rules template file: " << path);
-+ ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
-+ }
-+
-+ while (std::getline(templateRulesFile, line)) {
-+ templateRules.push_back(line);
-+ }
-+
-+ if (templateRulesFile.bad()) {
-+ LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
-+ }
-+
-+ addFromTemplate(templateRules, appId, pkgId);
-+}
-
- void SmackRules::addFromTemplateFile(const std::string &appId,
- const std::string &pkgId)
-@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
- return path;
- }
-+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-+{
-+ SmackRules smackRules;
-+ std::string appPath = getApplicationRulesFilePath(appId);
-+ smackRules.loadFromFile(appPath);
-+ struct stat buffer;
-+ for (auto privilege : privileges) {
-+ if (privilege.empty())
-+ continue;
-+ std::string fprivilege ( privilege + "-template.smack");
-+ std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ if( stat(path.c_str(), &buffer) == 0)
-+ smackRules.addFromTemplateFile(appId, pkgId, path);
-+ }
-+
-+ if (smack_smackfs_path() != NULL)
-+ smackRules.apply();
-
-+ smackRules.saveToFile(appPath);
-+ updatePackageRules(pkgId, pkgContents);
-+}
- void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents)
- {
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch b/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
deleted file mode 100644
index 59d4971ff..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a5979d9d674e400ecd7fcdf5d7589cfa0cfeb492 Mon Sep 17 00:00:00 2001
-From: Alejandro Joya <alejandro.joya.cruz@intel.com>
-Date: Wed, 4 Nov 2015 19:06:23 -0600
-Subject: [PATCH 04/14] app-install: implement multiple set of smack-rules
-
-If it's need it could create load multiple set of smack rules
-related with the privileges.
-It wouldn't affect the case that only the default set of rules is need it.
-
-Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
----
- src/common/service_impl.cpp | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index 7fd621c..ae305d3 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -338,6 +338,12 @@ int appInstall(const app_inst_req &req, uid_t uid)
- LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
- << req.pkgId << ". Applications in package: " << pkgContents.size());
- SmackRules::installApplicationRules(req.appId, req.pkgId, pkgContents);
-+ /*Setup for privileges custom rules*/
-+ LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
-+ << req.pkgId << ". Applications in package: " << pkgContents.size()
-+ << " and Privileges");
-+ SmackRules::installApplicationPrivilegesRules(req.appId, req.pkgId,
-+ pkgContents,req.privileges);
- } catch (const SmackException::Base &e) {
- LogError("Error while applying Smack policy for application: " << e.DumpToString());
- return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch b/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
deleted file mode 100644
index 0739f28c7..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 198ba9b9782fda19803e94d2afeff91189ac27af Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
-Date: Wed, 13 Jan 2016 17:30:06 +0100
-Subject: [PATCH 05/14] c++11: replace deprecated auto_ptr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Submitted [https://review.tizen.org/gerrit/#/c/56940/]
-
-Change-Id: Id793c784c9674eef48f346226c094bdd9f7bbda8
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/dpl/core/include/dpl/binary_queue.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/include/dpl/binary_queue.h b/src/dpl/core/include/dpl/binary_queue.h
-index dd03f5e..185b6c7 100644
---- a/src/dpl/core/include/dpl/binary_queue.h
-+++ b/src/dpl/core/include/dpl/binary_queue.h
-@@ -33,7 +33,7 @@ namespace SecurityManager {
- * Binary queue auto pointer
- */
- class BinaryQueue;
--typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-+typedef std::unique_ptr<BinaryQueue> BinaryQueueAutoPtr;
-
- /**
- * Binary stream implemented as constant size bucket list
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch b/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
deleted file mode 100644
index 3b8aad98c..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From ec098bf03cea23350ca7d1ea2ad88b9c88228943 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 8 Jan 2016 16:53:46 +0100
-Subject: [PATCH 06/14] socket-manager: removes tizen specific call
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The function 'smack_fgetlabel' is specific to Tizen
-and is no more maintained upstream.
-
-Upstream-Status: Accepted [https://review.tizen.org/gerrit/#/c/56507/]
-
-Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f
-Signed-off-by: José Bollo <jobol@nonadev.net>
----
- src/server/main/socket-manager.cpp | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
-index 94c54c6..5e1a79b 100644
---- a/src/server/main/socket-manager.cpp
-+++ b/src/server/main/socket-manager.cpp
-@@ -30,6 +30,7 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <sys/smack.h>
-+#include <linux/xattr.h>
- #include <sys/un.h>
- #include <sys/stat.h>
- #include <unistd.h>
-@@ -493,9 +494,9 @@ int SocketManager::CreateDomainSocketHelp(
- if (smack_check()) {
- LogInfo("Set up smack label: " << desc.smackLabel);
-
-- if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
-- LogError("Error in smack_fsetlabel");
-- ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
-+ if (0 != smack_set_label_for_file(sockfd, XATTR_NAME_SMACKIPIN, desc.smackLabel.c_str())) {
-+ LogError("Error in smack_set_label_for_file");
-+ ThrowMsg(Exception::InitFailed, "Error in smack_set_label_for_file");
- }
- } else {
- LogInfo("No smack on platform. Socket won't be securied with smack label!");
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch b/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
deleted file mode 100644
index bad99d25a..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 9d0791dab4b4df086374c5c0ba2a6558e10e81c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 15:56:27 +0100
-Subject: [PATCH 07/14] removes dependency to libslp-db-utils
-
-Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec
----
- src/common/CMakeLists.txt | 3 ++-
- src/dpl/db/src/sql_connection.cpp | 17 +----------------
- 2 files changed, 3 insertions(+), 17 deletions(-)
-
-diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 968c7c1..9ae376f 100644
---- a/src/common/CMakeLists.txt
-+++ b/src/common/CMakeLists.txt
-@@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP
- REQUIRED
- libsystemd
- libsmack
-- db-util
-+ sqlite3
-+ icu-i18n
- cynara-admin
- cynara-client
- )
-diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp
-index fdb4fe4..f49a6dc 100644
---- a/src/dpl/db/src/sql_connection.cpp
-+++ b/src/dpl/db/src/sql_connection.cpp
-@@ -26,7 +26,6 @@
- #include <memory>
- #include <dpl/noncopyable.h>
- #include <dpl/assert.h>
--#include <db-util.h>
- #include <unistd.h>
- #include <cstdio>
- #include <cstdarg>
-@@ -606,16 +605,7 @@ void SqlConnection::Connect(const std::string &address,
-
- // Connect to database
- int result;
-- if (type & Flag::UseLucene) {
-- result = db_util_open_with_options(
-- address.c_str(),
-- &m_connection,
-- flag,
-- NULL);
--
-- m_usingLucene = true;
-- LogPedantic("Lucene index enabled");
-- } else {
-+ (void)type;
- result = sqlite3_open_v2(
- address.c_str(),
- &m_connection,
-@@ -624,7 +614,6 @@ void SqlConnection::Connect(const std::string &address,
-
- m_usingLucene = false;
- LogPedantic("Lucene index disabled");
-- }
-
- if (result == SQLITE_OK) {
- LogPedantic("Connected to DB");
-@@ -653,11 +642,7 @@ void SqlConnection::Disconnect()
-
- int result;
-
-- if (m_usingLucene) {
-- result = db_util_close(m_connection);
-- } else {
- result = sqlite3_close(m_connection);
-- }
-
- if (result != SQLITE_OK) {
- const char *error = sqlite3_errmsg(m_connection);
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
deleted file mode 100644
index 5ece7ef4f..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a1d9b40b4fa2e73d31a53e398c286bffeaae1732 Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Wed, 12 Oct 2016 17:48:55 +0200
-Subject: [PATCH 08/14] Fix gcc6 build
-
-Signed-off-by: ronan <ronan@ot.bzh>
----
- src/client/client-security-manager.cpp | 1 +
- src/common/include/privilege_db.h | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
-index 74a6b30..347cddd 100644
---- a/src/client/client-security-manager.cpp
-+++ b/src/client/client-security-manager.cpp
-@@ -46,6 +46,7 @@
- #include <service_impl.h>
- #include <security-manager.h>
- #include <client-offline.h>
-+#include <linux/xattr.h>
-
- static const char *EMPTY = "";
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 4d73d90..08fb9d6 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -32,6 +32,7 @@
- #include <map>
- #include <stdbool.h>
- #include <string>
-+#include <vector>
-
- #include <dpl/db/sql_connection.h>
- #include <tzplatform_config.h>
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
deleted file mode 100644
index 706eb1a93..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 382379d74221bcc60a0ab70d63430a1c0587b2ec Mon Sep 17 00:00:00 2001
-From: Ronan <ronan.lemartret@iot.bzh>
-Date: Thu, 13 Oct 2016 11:37:47 +0200
-Subject: [PATCH 09/14] Fix Cmake conf for gcc6 build
-
-Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
----
- src/cmd/CMakeLists.txt | 4 +---
- src/server/CMakeLists.txt | 1 -
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
-index ee9a160..aa7a12c 100644
---- a/src/cmd/CMakeLists.txt
-+++ b/src/cmd/CMakeLists.txt
-@@ -1,8 +1,6 @@
- FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options)
-
--INCLUDE_DIRECTORIES(SYSTEM
-- ${Boost_INCLUDE_DIRS}
-- )
-+
-
- INCLUDE_DIRECTORIES(
- ${INCLUDE_PATH}
-diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 6849d76..9598037 100644
---- a/src/server/CMakeLists.txt
-+++ b/src/server/CMakeLists.txt
-@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
-
- INCLUDE_DIRECTORIES(SYSTEM
- ${SERVER_DEP_INCLUDE_DIRS}
-- ${Boost_INCLUDE_DIRS}
- ${Threads_INCLUDE_DIRS}
- )
-
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch b/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
deleted file mode 100644
index 0f48c5f68..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8e93699c0f225716f3cd5eff790270ae9e3880f9 Mon Sep 17 00:00:00 2001
-From: Changhyeok Bae <changhyeok.bae@gmail.com>
-Date: Sun, 17 Dec 2017 15:40:58 +0000
-Subject: [PATCH 10/14] gcc-7 requires include <functional> for std::function
-
-Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
----
- src/client/client-common.cpp | 1 +
- src/common/smack-labels.cpp | 1 +
- src/dpl/core/src/binary_queue.cpp | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
-index 883ab8d..1babdf7 100644
---- a/src/client/client-common.cpp
-+++ b/src/client/client-common.cpp
-@@ -31,6 +31,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <unistd.h>
-+#include <functional>
-
- #include <dpl/log/log.h>
- #include <dpl/serialization.h>
-diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
-index 0294a42..1598099 100644
---- a/src/common/smack-labels.cpp
-+++ b/src/common/smack-labels.cpp
-@@ -29,6 +29,7 @@
- #include <sys/xattr.h>
- #include <linux/xattr.h>
- #include <memory>
-+#include <functional>
- #include <fts.h>
- #include <cstring>
- #include <string>
-diff --git a/src/dpl/core/src/binary_queue.cpp b/src/dpl/core/src/binary_queue.cpp
-index 72817a6..838409f 100644
---- a/src/dpl/core/src/binary_queue.cpp
-+++ b/src/dpl/core/src/binary_queue.cpp
-@@ -26,6 +26,7 @@
- #include <malloc.h>
- #include <cstring>
- #include <new>
-+#include <functional>
-
- namespace SecurityManager {
- BinaryQueue::BinaryQueue() :
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch b/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
deleted file mode 100644
index 5c679fc26..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 243b7ffee16558d7cb9b411f49380138efeffca9 Mon Sep 17 00:00:00 2001
-From: Stephane Desneux <stephane.desneux@iot.bzh>
-Date: Fri, 1 Feb 2019 12:26:17 +0000
-Subject: [PATCH 11/14] Fix gcc8 warning/error [-Werror=catch-value=]
-
-Fixes the following warning/error during compile:
-
-src/dpl/core/src/assert.cpp:61:14: error: catching polymorphic type 'class SecurityManager::Exception' by value [-Werror=catch-value=]
-| } catch (Exception) {
-| ^~~~~~~~~
-
-Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
----
- src/dpl/core/src/assert.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/dpl/core/src/assert.cpp b/src/dpl/core/src/assert.cpp
-index 63538a2..fc60ce9 100644
---- a/src/dpl/core/src/assert.cpp
-+++ b/src/dpl/core/src/assert.cpp
-@@ -58,7 +58,7 @@ void AssertProc(const char *condition,
- INTERNAL_LOG("### Function: " << function);
- INTERNAL_LOG(
- "################################################################################");
-- } catch (Exception) {
-+ } catch (Exception const&) {
- // Just ignore possible double errors
- }
-
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch b/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
deleted file mode 100644
index 91ccf9ee2..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 5ee51d38575f289c2bf37ed817ef680ed47bb320 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 1 Feb 2019 15:37:44 +0100
-Subject: [PATCH 12/14] Avoid casting from "const T&" to "void*"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Latest version of g++ refuse the cast
-
- reinterpret_cast<void (Service::*)(void*)>(serviceFunction)
-
-I made no investigation to know if the problem
-is coming from the const or not.
-
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- src/server/main/include/service-thread.h | 42 ++++++++++--------------
- 1 file changed, 18 insertions(+), 24 deletions(-)
-
-diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h
-index 964d168..61fdda8 100644
---- a/src/server/main/include/service-thread.h
-+++ b/src/server/main/include/service-thread.h
-@@ -94,7 +94,7 @@ public:
- Join();
- while (!m_eventQueue.empty()){
- auto front = m_eventQueue.front();
-- delete front.eventPtr;
-+ delete front;
- m_eventQueue.pop();
- }
- }
-@@ -104,34 +104,28 @@ public:
- Service *servicePtr,
- void (Service::*serviceFunction)(const T &))
- {
-- EventDescription description;
-- description.serviceFunctionPtr =
-- reinterpret_cast<void (Service::*)(void*)>(serviceFunction);
-- description.servicePtr = servicePtr;
-- description.eventFunctionPtr = &ServiceThread::EventCall<T>;
-- description.eventPtr = new T(event);
-+ EventCallerBase *ec = new EventCaller<T>(event, servicePtr, serviceFunction);
- {
- std::lock_guard<std::mutex> lock(m_eventQueueMutex);
-- m_eventQueue.push(description);
-+ m_eventQueue.push(ec);
- }
- m_waitCondition.notify_one();
- }
-
- protected:
-
-- struct EventDescription {
-- void (Service::*serviceFunctionPtr)(void *);
-- Service *servicePtr;
-- void (ServiceThread::*eventFunctionPtr)(const EventDescription &event);
-- GenericEvent* eventPtr;
-+ struct EventCallerBase {
-+ virtual void fire() = 0;
-+ virtual ~EventCallerBase() {}
- };
-
- template <class T>
-- void EventCall(const EventDescription &desc) {
-- auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr);
-- const T& eventLocale = *(static_cast<T*>(desc.eventPtr));
-- (desc.servicePtr->*fun)(eventLocale);
-- }
-+ struct EventCaller : public EventCallerBase {
-+ T *event; Service *target; void (Service::*function)(const T&);
-+ EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {}
-+ ~EventCaller() { delete event; }
-+ void fire() { (target->*function)(*event); }
-+ };
-
- static void ThreadLoopStatic(ServiceThread *ptr) {
- ptr->ThreadLoop();
-@@ -139,33 +133,33 @@ protected:
-
- void ThreadLoop(){
- for (;;) {
-- EventDescription description = {NULL, NULL, NULL, NULL};
-+ EventCallerBase *ec = NULL;
- {
- std::unique_lock<std::mutex> ulock(m_eventQueueMutex);
- if (m_quit)
- return;
- if (!m_eventQueue.empty()) {
-- description = m_eventQueue.front();
-+ ec = m_eventQueue.front();
- m_eventQueue.pop();
- } else {
- m_waitCondition.wait(ulock);
- }
- }
-
-- if (description.eventPtr != NULL) {
-+ if (ec != NULL) {
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
-- (this->*description.eventFunctionPtr)(description);
-- delete description.eventPtr;
-+ ec->fire();
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-+ delete ec;
- }
- }
- }
-
- std::thread m_thread;
- std::mutex m_eventQueueMutex;
-- std::queue<EventDescription> m_eventQueue;
-+ std::queue<EventCallerBase*> m_eventQueue;
- std::condition_variable m_waitCondition;
-
- State m_state;
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch b/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
deleted file mode 100644
index fb6215923..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-From 6c96a39ba7a7763ccd47e379dbfd8d376164985f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 14:26:25 +0100
-Subject: [PATCH 13/14] Removing tizen-platform-config
-
-Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
----
- CMakeLists.txt | 16 +++++++-
- db/CMakeLists.txt | 2 +-
- policy/CMakeLists.txt | 1 +
- ...load => security-manager-policy-reload.in} | 4 +-
- src/common/file-lock.cpp | 4 +-
- src/common/include/file-lock.h | 1 -
- src/common/include/privilege_db.h | 3 +-
- src/common/service_impl.cpp | 39 ++++++-------------
- src/common/smack-rules.cpp | 12 ++----
- 9 files changed, 37 insertions(+), 45 deletions(-)
- rename policy/{security-manager-policy-reload => security-manager-policy-reload.in} (94%)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 28790d8..37a43cc 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -49,7 +49,7 @@ ADD_DEFINITIONS("-Wall") # Generate all warnings
- ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-
- STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
--ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-+ADD_DEFINITIONS("-DAPI_VERSION=\"${API_VERSION}\"")
-
- ADD_DEFINITIONS("-DSMACK_ENABLED")
-
-@@ -58,6 +58,20 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
- ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
- ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
-
-+SET(DATADIR "/usr/share/security-manager" CACHE STRING "path to data directory")
-+SET(SMACKRULESDIR "/etc/smack/accesses.d" CACHE STRING "path to Smack rules directory")
-+SET(LOCKDIR "/var/run/lock" CACHE STRING "path to lock directory")
-+SET(DB_INSTALL_DIR "/var/db/security-manager" CACHE STRING "path to database directory")
-+SET(DB_FILENAME ".security-manager.db" CACHE STRING "basename of database")
-+SET(GLOBALUSER "userapp" CACHE STRING "name of the global user")
-+
-+ADD_DEFINITIONS("-DDATADIR=\"${DATADIR}\"")
-+ADD_DEFINITIONS("-DSMACKRULESDIR=\"${SMACKRULESDIR}\"")
-+ADD_DEFINITIONS("-DLOCKDIR=\"${LOCKDIR}\"")
-+ADD_DEFINITIONS("-DDB_INSTALL_DIR=\"${DB_INSTALL_DIR}\"")
-+ADD_DEFINITIONS("-DDB_FILENAME=\"${DB_FILENAME}\"")
-+ADD_DEFINITIONS("-DGLOBALUSER=\"${GLOBALUSER}\"")
-+
- ADD_SUBDIRECTORY(src)
- ADD_SUBDIRECTORY(pc)
- ADD_SUBDIRECTORY(systemd)
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index 9e8ffcc..d7af1a0 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,4 +1,4 @@
--SET(TARGET_DB ".security-manager.db")
-+SET(TARGET_DB "$(DB_FILENAME)")
-
- ADD_CUSTOM_COMMAND(
- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
-index bd08edc..626a2bd 100644
---- a/policy/CMakeLists.txt
-+++ b/policy/CMakeLists.txt
-@@ -1,4 +1,5 @@
- FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
-+CONFIGURE_FILE(security-manager-policy-reload.in security-manager-policy-reload @ONLY)
- INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
- INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload.in
-similarity index 94%
-rename from policy/security-manager-policy-reload
-rename to policy/security-manager-policy-reload.in
-index 6f211c6..c1bc4e2 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload.in
-@@ -1,8 +1,8 @@
- #!/bin/sh -e
-
--POLICY_PATH=/usr/share/security-manager/policy
-+POLICY_PATH=@DATADIR@/policy
- PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
--DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
-+DB_FILE=@DB_INSTALL_DIR@/@DB_FILENAME@
-
- # Create default buckets
- while read bucket default_policy
-diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
-index 6f3996c..88d2092 100644
---- a/src/common/file-lock.cpp
-+++ b/src/common/file-lock.cpp
-@@ -30,9 +30,7 @@
-
- namespace SecurityManager {
-
--char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
-- "lock",
-- "security-manager.lock");
-+char const * const SERVICE_LOCK_FILE = LOCKDIR "/security-manager.lock";
-
- FileLocker::FileLocker(const std::string &lockFile, bool blocking)
- {
-diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
-index 604b019..21a86a0 100644
---- a/src/common/include/file-lock.h
-+++ b/src/common/include/file-lock.h
-@@ -29,7 +29,6 @@
-
- #include <dpl/exception.h>
- #include <dpl/noncopyable.h>
--#include <tzplatform_config.h>
-
- namespace SecurityManager {
-
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 08fb9d6..3344987 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -35,14 +35,13 @@
- #include <vector>
-
- #include <dpl/db/sql_connection.h>
--#include <tzplatform_config.h>
-
- #ifndef PRIVILEGE_DB_H_
- #define PRIVILEGE_DB_H_
-
- namespace SecurityManager {
-
--const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-+const char *const PRIVILEGE_DB_PATH = DB_INSTALL_DIR "/" DB_FILENAME;
-
- enum class QueryType {
- EGetPkgPrivileges,
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index ae305d3..42150fe 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -32,7 +32,6 @@
- #include <algorithm>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "protocols.h"
- #include "privilege_db.h"
-@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
-
- static uid_t getGlobalUserId(void)
- {
-- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-+ static uid_t globaluid = 0;
-+ if (!globaluid) {
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwnam_r(GLOBALUSER, &pw, buf, sizeof buf, &p);
-+ globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
-+ }
- return globaluid;
- }
-
-@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
-
- static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
- {
-- struct tzplatform_context *tz_ctx = nullptr;
--
-- if (tzplatform_context_create(&tz_ctx))
-- return false;
--
-- if (tzplatform_context_set_user(tz_ctx, uid)) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-+ struct passwd pw, *p;
-+ char buf[4096];
-+ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
-+ if (rc || p == NULL)
- return false;
-- }
--
-- enum tzplatform_variable id =
-- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
-- const char *appDir = tzplatform_context_getenv(tz_ctx, id);
-- if (!appDir) {
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
-- return false;
-- }
--
-- userAppDir = appDir;
--
-- tzplatform_context_destroy(tz_ctx);
-- tz_ctx = nullptr;
--
-+ userAppDir = p->pw_dir;
- return true;
- }
-
- static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
- {
-- std::string userHome;
- std::string userAppDir;
- std::stringstream correctPath;
-
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 922a56f..c2e0041 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -34,7 +34,6 @@
- #include <memory>
-
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
-
- #include "smack-labels.h"
- #include "smack-rules.h"
-@@ -43,7 +42,7 @@ namespace SecurityManager {
-
- const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~";
- const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~";
--const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
-+const char *const APP_RULES_TEMPLATE_FILE_PATH = DATADIR "/policy/app-rules-template.smack";
- const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat";
-
- SmackRules::SmackRules()
-@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
-
- std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/pkg_" + pkgId;
- }
-
- std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- {
-- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
-- return path;
-+ return SMACKRULESDIR "/app_" + appId;
- }
- void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
- const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
- for (auto privilege : privileges) {
- if (privilege.empty())
- continue;
-- std::string fprivilege ( privilege + "-template.smack");
-- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+ std::string path = DATADIR "/policy/" + privilege + "-template.smack";
- if( stat(path.c_str(), &buffer) == 0)
- smackRules.addFromTemplateFile(appId, pkgId, path);
- }
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch b/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
deleted file mode 100644
index 542a387d2..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From c7f9d14e38a1b6d40b2fffa01433a3025eff9abd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Tue, 26 Nov 2019 12:34:39 +0100
-Subject: [PATCH 14/14] Ensure post install initialization of database
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Creation of the database was made during image creation,
-leading to issue with SOTA. This adds the creation on
-need before launching the service.
-
-Change-Id: Idfd0676bd87d39f7c10eaafd63f3a318f675c972
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- db/CMakeLists.txt | 14 ++++++--------
- db/security-manager-setup | 14 ++++++++++++++
- systemd/security-manager.service.in | 1 +
- 3 files changed, 21 insertions(+), 8 deletions(-)
- create mode 100644 db/security-manager-setup
-
-diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
-index d7af1a0..dcf5bc8 100644
---- a/db/CMakeLists.txt
-+++ b/db/CMakeLists.txt
-@@ -1,12 +1,10 @@
--SET(TARGET_DB "$(DB_FILENAME)")
--
- ADD_CUSTOM_COMMAND(
-- OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
-- COMMAND sqlite3 ${TARGET_DB} <db.sql
-- )
-+ OUTPUT .security-manager-setup
-+ COMMAND sed '/--DB\.SQL--/r db.sql' security-manager-setup > .security-manager-setup
-+ DEPENDS security-manager-setup db.sql
-+)
-
- # Add a dummy build target to trigger building of ${TARGET_DB}
--ADD_CUSTOM_TARGET(DB ALL DEPENDS ${TARGET_DB})
-+ADD_CUSTOM_TARGET(DB ALL DEPENDS .security-manager-setup)
-
--INSTALL(FILES ${TARGET_DB} DESTINATION ${DB_INSTALL_DIR})
--INSTALL(FILES ${TARGET_DB}-journal DESTINATION ${DB_INSTALL_DIR})
-+INSTALL(PROGRAMS .security-manager-setup DESTINATION ${BIN_INSTALL_DIR})
-diff --git a/db/security-manager-setup b/db/security-manager-setup
-new file mode 100644
-index 0000000..5675baf
---- /dev/null
-+++ b/db/security-manager-setup
-@@ -0,0 +1,14 @@
-+#!/bin/sh
-+
-+if test -f "$1"; then exit; fi
-+set -e
-+dbdir="$(dirname "$1")"
-+dbfile="$(basename "$1")"
-+test -n "$dbfile"
-+test -n "$dbdir"
-+mkdir -p "$dbdir"
-+cd "$dbdir"
-+sqlite3 "$dbfile" << END-OF-CAT
-+--DB.SQL--
-+END-OF-CAT
-+
-diff --git a/systemd/security-manager.service.in b/systemd/security-manager.service.in
-index 23fd1b2..2bf97d7 100644
---- a/systemd/security-manager.service.in
-+++ b/systemd/security-manager.service.in
-@@ -3,5 +3,6 @@ Description=Start the security manager
-
- [Service]
- Type=notify
-+ExecStartPre=@BIN_INSTALL_DIR@/.security-manager-setup @DB_INSTALL_DIR@/@DB_FILENAME@
- ExecStart=@BIN_INSTALL_DIR@/security-manager
- Sockets=security-manager.socket
---
-2.21.0
-
diff --git a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch b/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
deleted file mode 100644
index d9949193b..000000000
--- a/meta-security/recipes-security/security-manager/security-manager/0015-Restrict-socket-accesses.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7cffcd61378a9d7c0e7db5691b2da3a37448c969 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Thu, 30 Jan 2020 09:19:25 +0100
-Subject: [PATCH 15/15] Restrict socket accesses
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ensure that only members of the group and the owner can access
-the security manager.
-
-Bug-AGL: SPEC-3146
-
-Change-Id: I68ce6523db4bfd4707c3680555c3cb0cf8858ef2
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- systemd/security-manager.socket | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/systemd/security-manager.socket b/systemd/security-manager.socket
-index af1c1da..b401f77 100644
---- a/systemd/security-manager.socket
-+++ b/systemd/security-manager.socket
-@@ -1,6 +1,6 @@
- [Socket]
- ListenStream=/run/security-manager.socket
--SocketMode=0777
-+SocketMode=0660
- SmackLabelIPIn=*
- SmackLabelIPOut=@
-
---
-2.21.1
-
diff --git a/meta-security/recipes-security/security-manager/security-manager_git.bb b/meta-security/recipes-security/security-manager/security-manager_git.bb
deleted file mode 100644
index b34973519..000000000
--- a/meta-security/recipes-security/security-manager/security-manager_git.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-require security-manager.inc
-
-PV = "1.0.2+git${SRCPV}"
-SRCREV = "860305a595d681d650024ad07b3b0977e1fcb0a6"
-SRC_URI += "git://github.com/Samsung/security-manager.git"
-S = "${WORKDIR}/git"
-
-SRC_URI += " \
- file://0001-systemd-stop-using-compat-libs.patch \
- file://0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch \
- file://0003-Smack-rules-create-two-new-functions.patch \
- file://0004-app-install-implement-multiple-set-of-smack-rules.patch \
- file://0005-c-11-replace-deprecated-auto_ptr.patch \
- file://0006-socket-manager-removes-tizen-specific-call.patch \
- file://0007-removes-dependency-to-libslp-db-utils.patch \
- file://0008-Fix-gcc6-build.patch \
- file://0009-Fix-Cmake-conf-for-gcc6-build.patch \
- file://0010-gcc-7-requires-include-functional-for-std-function.patch \
- file://0011-Fix-gcc8-warning-error-Werror-catch-value.patch \
- file://0012-Avoid-casting-from-const-T-to-void.patch \
- file://0013-Removing-tizen-platform-config.patch \
- file://0014-Ensure-post-install-initialization-of-database.patch \
- file://0015-Restrict-socket-accesses.patch \
-"
-
-# Use make with cmake and not ninja
-OECMAKE_GENERATOR = "Unix Makefiles"
diff --git a/meta-security/recipes-security/smacknet/files/smacknet b/meta-security/recipes-security/smacknet/files/smacknet
deleted file mode 100644
index 3818d30ae..000000000
--- a/meta-security/recipes-security/smacknet/files/smacknet
+++ /dev/null
@@ -1,184 +0,0 @@
-#!/usr/bin/python
-# Copyright (c) 2012, 2013, Intel Corporation
-# Copyright (c) 2009 David Wolinsky <davidiw@ufl.edu), University of Florida
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. The name of the author may not be used to endorse or promote products
-# derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-import socket,fcntl, struct, thread
-import os.path
-import sys
-
-SMACKFS_LOAD="/sys/fs/smackfs/load2"
-SMACKFS_NETLABEL="/sys/fs/smackfs/netlabel"
-SIOCGIFADDR = 0x8915
-SIOCGIFNETMASK = 0x891b
-
-def get_ip_address(ifname):
- s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- return fcntl.ioctl(s.fileno(), SIOCGIFADDR,
- struct.pack('256s', ifname.encode("utf-8")))[20:24]
-
-def get_netmask(ifname):
- s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- return fcntl.ioctl(s.fileno(), SIOCGIFNETMASK,
- struct.pack('256s', ifname.encode("utf-8")))[20:24]
-
-def applynetlabeltags(interface, addr):
- if not interface.startswith("lo"):
- bmask = get_netmask(interface.encode("utf-8"))
- prefix = bin(struct.unpack(">L", bmask)[0]).count("1")
- tags = [
- addr+"/"+str(prefix)+" Network::Local\n",
- "0.0.0.0/0 Network::Cloud\n",
- "127.0.0.1/8 -CIPSO\n"]
- smackfs_netlabel(tags)
-
-def loadnetlabelrules():
- rulesSystem = [
- "System Network::Cloud w\n",
- "System Network::Local w\n",
- "Network::Cloud System w\n",
- "Network::Local System w\n"]
- smackfs_load2(rulesSystem)
-
-def smackfs_load2 (rules):
- with open(SMACKFS_LOAD, "w") as load2:
- for rule in rules:
- load2.write(rule)
-
-def smackfs_netlabel (tags):
- for tag in tags:
- with open(SMACKFS_NETLABEL, "w") as netlabel:
- netlabel.write(tag)
-
-"""
- Source of: Class ip monitor, and other functions named bellow.
- Original author: David Wolinsky <davidiw@ufl.edu
- Copied from: https://github.com/davidiw/Grid-Appliance/blob/master/scripts/ip_monitor.py
-
-"""
-
-"""4 byte alignment"""
-
-def align(inc):
- diff = inc % 4
- return inc + ((4 - diff) % 4)
-
-class ifaddr:
- """Parse an ifaddr packet"""
- LOCAL = 2
- LABEL = 3
-
- def __init__(self, packet):
- self.family, self.prefixlen, self.flags, self.scope, self.index = \
- struct.unpack("BBBBI", packet[:8])
-
-class rtattr:
- """Parse a rtattr packet"""
- GRP_IPV4_IFADDR = 0x10
-
- NEWADDR = 20
- DELADDR = 21
- GETADDR = 22
-
- def __init__(self, packet):
- self.len, self.type = struct.unpack("HH", packet[:4])
- if self.type == ifaddr.LOCAL:
- addr = struct.unpack("BBBB", packet[4:self.len])
- self.payload = "%s.%s.%s.%s" % (addr[0], addr[1], addr[2], addr[3])
- elif self.type == ifaddr.LABEL:
- self.payload = packet[4:self.len].strip("\0")
- else:
- self.payload = packet[4:self.len]
-
-class netlink:
- """Parse a netlink packet"""
- REQUEST = 1
- ROOT = 0x100
- MATCH = 0x200
- DONE = 3
-
- def __init__(self, packet):
- self.msglen, self.msgtype, self.flags, self.seq, self.pid = \
- struct.unpack("IHHII", packet[:16])
- self.ifa = None
- try:
- self.ifa = ifaddr(packet[16:24])
- except:
- return
-
- self.rtas = {}
- pos = 24
- while pos < self.msglen:
- try:
- rta = rtattr(packet[pos:])
- except:
- break
- pos += align(rta.len)
- self.rtas[rta.type] = rta.payload
-
-class ip_monitor:
- def __init__(self, callback = None):
- if callback == None:
- callback = self.print_cb
- self._callback = callback
-
- def print_cb(self, label, addr):
- print (label + " => " + addr)
-
- def request_addrs(self, sock):
- sock.send(struct.pack("IHHIIBBBBI", 24, rtattr.GETADDR, \
- netlink.REQUEST | netlink.ROOT | netlink.MATCH, 0, sock.getsockname()[0], \
- socket.AF_INET, 0, 0, 0, 0))
-
- def start_thread(self):
- thread.start_new_thread(self.run, ())
-
- def run(self):
- sock = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)
- sock.bind((0, rtattr.GRP_IPV4_IFADDR))
- self.request_addrs(sock)
-
- while True:
- data = sock.recv(4096)
- pos = 0
- while pos < len(data):
- nl = netlink(data[pos:])
- if nl.msgtype == netlink.DONE:
- break
- pos += align(nl.msglen)
- if nl.msgtype != rtattr.NEWADDR:
- continue
- self._callback(nl.rtas[ifaddr.LABEL], nl.rtas[ifaddr.LOCAL])
-
-def main():
- if not os.path.isfile(SMACKFS_LOAD):
- print ("Smack not found.")
- return -1
- loadnetlabelrules()
-
- ip_monitor(applynetlabeltags).run()
-
-if __name__ == "__main__":
- main()
diff --git a/meta-security/recipes-security/smacknet/files/smacknet.service b/meta-security/recipes-security/smacknet/files/smacknet.service
deleted file mode 100644
index 218d8b896..000000000
--- a/meta-security/recipes-security/smacknet/files/smacknet.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=netlabels configuration for SMACK
-Wants=network.target network-online.target
-After=network.target network-online.target
-
-[Service]
-TimeoutStartSec=0
-ExecStart=@BINDIR@/smacknet
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-security/recipes-security/smacknet/smacknet.bb b/meta-security/recipes-security/smacknet/smacknet.bb
deleted file mode 100644
index 250cdb132..000000000
--- a/meta-security/recipes-security/smacknet/smacknet.bb
+++ /dev/null
@@ -1,29 +0,0 @@
-#SMACKNET Description
-SUMMARY = "Smack network labels configuration"
-DESCRIPTION = "Provide service that will be labeling the network rules"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
-RDEPENDS_${PN} = "python"
-
-SRC_URI += "file://smacknet \
- file://smacknet.service \
- "
-S = "${WORKDIR}"
-
-inherit systemd
-
-inherit features_check
-REQUIRED_DISTRO_FEATURES = "smack"
-
-#netlabel configuration service
-SYSTEMD_SERVICE_${PN} = "smacknet.service"
-SYSTEMD_AUTO_ENABLE = "enable"
-do_install(){
- install -d ${D}${bindir}
- install -m 0551 ${WORKDIR}/smacknet ${D}${bindir}
-
- install -d -m 755 ${D}${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/smacknet.service ${D}${systemd_unitdir}/system
- sed -i -e 's,@BINDIR@,${bindir},g' ${D}${systemd_unitdir}/system/smacknet.service
-}
-