Security/Command line tools

From Tizen Wiki

security-manager command line tools

security-manager-cmd

Usage: security-manager-cmd [options]

  • Allowed options:
  • Generic options:
   -h [ --help ]                  produce help message
   -i [ --install ]               install an application (deprecated, use "manage-apps" instead)
   -n [ --manage-apps ] arg       add or remove app, parameter is either a/add or r/remove
   -m [ --manage-users ] arg      add or remove user, parameter is either a/add or r/remove
   -o [ --manage-privilege ] arg  allow or deny privilege, parameter is either a/allow or d/deny
   -b [ --backup ]                make a backup of the database file
  • App management options:
   -a [ --app ] arg               application name (required)  
   -g [ --pkg ] arg               package name for the application (required)  
   -p [ --path ] arg              path for setting smack labels (may occur more than once).                                 
           Format: --path <path> <path type>
                   where <path type> is: rw, ro, public_ro, rw_others_ro, trusted_rw ('trusted rw' requires author id)                                 
           example:
                   --path=/home/user/app rw  
   -s [ --privilege ] arg         privilege for the application (may occur more than once)  
   -u [ --uid ] arg               user identifier number (required)  
   -t [ --tizen ] arg             target tizen version (e.g. 2.4, 3.0)  
   -c [ --author-id ] arg         unique author's identifier (required for trusted_rw paths)  
   --install-type arg             type of installation (local, global, preloaded)  
   --hybrid                       sets 'hybrid' flag  
   --pkg-privilege-level arg      package privilege level (public, partner, platform)  
   --pkg-type arg                 package type (wrt, core, metadata)
  • User management options:
   -u [ --uid ] arg               user identifier number (required)  
   -t [ --usertype ] arg          user type:one of system, admin, guest, normal.
                                  Set to 'normal' by default,ignored on user removal
  • Privilege management options:
   -s [ --privilege ] arg         privilege for the application (required)  
   -a [ --app ] arg               application name (required)  
   -u [ --uid ] arg               user identifier number (required)

Examples
TBD
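A pre-flight check for the app management options listed above, as an added example (not part of the wiki page or of the security-manager project): it enforces the required options, the listed path types, and the rule that trusted_rw needs an author id. It assumes options are given in long `--name=value` form with each path type as the argument following `--path=<path>`; the function name and the sample package names are hypothetical.

```shell
#!/usr/bin/env bash
# Pre-flight check for a "security-manager-cmd --manage-apps=add" argument list.
# Added example: checks only the constraints stated in the help text above.
# Assumption: long "--name=value" options; each --path=<path> is followed by
# its <path type> as the next argument.

check_app_install_args() {
    local app="" pkg="" uid="" author="" needs_author=0 err=0 arg ptype
    while [ "$#" -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            --app=*)       app=${arg#*=} ;;
            --pkg=*)       pkg=${arg#*=} ;;
            --uid=*)       uid=${arg#*=} ;;
            --author-id=*) author=${arg#*=} ;;
            --path=*)
                # The path type is the argument that follows the path.
                ptype=${1:-}
                [ "$#" -gt 0 ] && shift
                case "$ptype" in
                    rw|ro|public_ro|rw_others_ro) ;;
                    trusted_rw) needs_author=1 ;;
                    *) echo "bad path type '$ptype' for ${arg#*=}" >&2; err=1 ;;
                esac ;;
        esac
    done
    # Options the help text marks as required.
    [ -n "$app" ] || { echo "--app is required" >&2; err=1; }
    [ -n "$pkg" ] || { echo "--pkg is required" >&2; err=1; }
    case "$uid" in
        ''|*[!0-9]*) echo "--uid must be a number" >&2; err=1 ;;
    esac
    # trusted_rw paths are shared per author, so an author id must be given.
    if [ "$needs_author" -eq 1 ] && [ -z "$author" ]; then
        echo "trusted_rw path requires --author-id" >&2; err=1
    fi
    return "$err"
}
```

The function returns 0 when the argument list satisfies the documented constraints and 1 otherwise, so it can gate the real call in an install script.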

security-manager-rules-loader

Loads or recovers the SMACK rules generated for applications. This tool should be executed when the device boots, before any application is launched.
In general, running "security-manager-rules-loader" on its own is enough and covers every case.
However, if SMACK rules need to be loaded separately for some reason (e.g. some apps need to be launched very early as an exception), this is possible using the options shown below. Examples:
# security-manager-rules-loader

initialize database (potentially with fallback), write rules to load2

# security-manager-rules-loader --fallback-only

initialize database with fallback, write rules to load2

# security-manager-rules-loader --no-load

initialize database (potentially with fallback)

# security-manager-rules-loader --default

initialize database (potentially with fallback), write all System/User rules to load2

# security-manager-rules-loader --packages <space-separated-list>

initialize database (potentially with fallback), write rules for list of packages to load2,
this option may be combined with --default (--default as the first option)

# security-manager-rules-loader --exclude <space-separated-list>

initialize database (potentially with fallback), write rules for all packages except list of packages to load2,
this option may be combined with --default (--default as the first option)

cynara command line tools

cyad

Cyad is a command-line tool for managing Cynara's database.
Cyad supports full administrative access to Cynara and provides the same functionality as admin API.
Usage: cyad [OPTIONS]

  • Bucket set options (with -b or --set-bucket)
  -b, --set-bucket=<name>        name of bucket to add or alter
  -t, --type=<type>              policy type - required
  -m, --metadata=<metadata>      metadata for policy
  -B, --backup                  
  • Bucket delete options (with -d or --delete-bucket)
  -d, --delete-bucket=<name>     name of bucket to delete - required
  • Policy set options (with -s or --set-policy)
  -k, --bucket=<name>            name of bucket; omit for default
  -c, --client=<client>          client value - required
  -u, --user=<user>              user value - required
  -p, --privilege=<privilege>    privilege value - required
  -t, --type=<type>              policy type - required
  -m, --metadata=<metadata>      metadata for policy
  -f, --bulk=<filename>          path or - for stdin
  • Policy erase options (with -e or --erase)
  -e, --erase=<name>             name of bucket to erase policies from - required
  -r, --recursive=<yes|no>       if linked buckets should be processed as well - required
  -c, --client=<client>          client value - required
  -u, --user=<user>              user value - required
  -p, --privilege=<privilege>    privilege value - required
  • Administrative policy check options (with -a or --check)
  -k, --bucket=<name>            name of bucket; omit for default
  -r, --recursive=<yes|no>       if linked buckets should be processed as well - required
  -c, --client=<client>          client value - required
  -u, --user=<user>              user value - required
  -p, --privilege=<privilege>    privilege value - required
  -H, --human-readable           print policy types in human readable format
  • Policies list options (with -l or --list-policies)
  -l, --list-policies=<bucket>   name of bucket to list policies from - required
  -c, --client=<client>          client value - required
  -u, --user=<user>              user value - required
  -p, --privilege=<privilege>    privilege value - required
  -A, --all                      list all - equivalent to -c "#" -u "#" -p "#"
  -H, --human-readable           print policy types in human readable format
  • Policies descriptions list options (with -g or --list-policies-descriptions)
  -g, --list-policies-descriptions
  • Help options (with -h or --help)
  -h, --help                     print help message

Examples
TBD