Security/Tizen 3.X Security migration for upgrade

From Tizen Wiki
  • When only the RO partition of an image is updated via FOTA or OTN, the RW data related to the security modules needs to be updated accordingly.
"/usr/share/upgrade/scripts/201.security_upgrade.sh" is installed by the security-config package and is run during the RW migration stage.

What does "201.security_upgrade.sh" do?

  • The Cynara DB upgrade is executed if needed.
    • There has been only one change to the Cynara DB (the checksum algorithm), made a long time ago, so this step usually does not actually do any work.
  • Update the global uid in security-manager and policy DB.
  • Create a dummy file for a bind mount used for run-time permission control.
  • Run "security-manager-policy-reload" and "/usr/share/security-manager/policy/update.sh" to update the following:
    • Update the cynara bucket structure.
    • Update the default cynara rules.
    • Update the privilege-group information in the security-manager DB.

What if a separate RW migration stage is not provided?

  • Some products do not provide an RW migration stage, but update RW data through each module's own implementation or through initialization scripts.
  • The same steps implemented in "201.security_upgrade.sh" need to be included in those.
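
One way a product without an RW migration stage could call the same script from an initialization path exactly once per RO update. This is an added example, not Tizen or security-config code: the stamp file path and the build-id argument are hypothetical, and it assumes the script is safe to run again after a failed attempt.

```shell
#!/bin/sh
# Added example (not part of security-config): run-once wrapper around
# 201.security_upgrade.sh for products that have no RW migration stage.

# Script path as given on this page.
UPGRADE_SCRIPT="${UPGRADE_SCRIPT:-/usr/share/upgrade/scripts/201.security_upgrade.sh}"
# Hypothetical location (on the RW partition) recording the last migrated build.
STAMP_FILE="${STAMP_FILE:-/opt/var/security-config/migrated-build}"

# run_security_migration BUILD_ID
#   BUILD_ID: any string that changes whenever the RO image changes
#             (where it comes from is product specific, so it is a parameter).
# Returns 0 if RW security data is up to date for BUILD_ID,
#         1 if the build id is empty or the script is missing,
#         2 if the script ran but failed (the stamp is left untouched).
run_security_migration() {
    build_id="$1"
    [ -n "$build_id" ] || return 1

    # Already migrated for this RO image: do not touch the security DBs again.
    if [ -f "$STAMP_FILE" ] && [ "$(cat "$STAMP_FILE")" = "$build_id" ]; then
        return 0
    fi

    [ -x "$UPGRADE_SCRIPT" ] || return 1

    # Run the migration. On failure keep the old stamp so that the next
    # boot retries instead of running with stale Cynara rules.
    "$UPGRADE_SCRIPT" || return 2

    # Record success atomically: write a temp file, then rename it.
    mkdir -p "$(dirname "$STAMP_FILE")" || return 2
    tmp="$STAMP_FILE.tmp.$$"
    printf '%s\n' "$build_id" > "$tmp" || return 2
    mv "$tmp" "$STAMP_FILE" || return 2
    return 0
}

# Hypothetical call from an init script:
#   run_security_migration "<build id of the current RO image>"
```

A non-zero return should be logged and treated as a boot-time fault, since it means the RW security data may not match the updated RO image.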