Security/Tizen 3.X Security migration for upgrade
From Tizen Wiki
- When an image is updated only RO partition via FOTA or OTN, RW data related with security module need to be updated accordingly.
- "/usr/share/upgrade/scripts/201.security_upgrade.sh" is installed by security-config package, and be run while RW migration stage.
What does do "201.security_upgrade.sh"?
- Cynara DB upgrade is executed if needed.
- There was only one change in Cynara DB (checksum algorithm) long time ago. Therefore, usually it doesn't actually work.
- Update global uid in security-manager and policy DB.
- Create dummy file for a bind mount used for run-time permission control
- Run "security-manager-policy-reload" and "/usr/share/security-manager/policy/update.sh" to update belows.
- Update cynara bucket structure.
- Update default cynara rules
- Update privilege-group information in security-manager DB.
What if a separate RW migration stage is not provided?
- Some products does not provide RW migration stage, but update RW data by each module implementations or some initialization scripts.
- Same implementations in "201.security_upgrade.sh" need to be included in those.