aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2019-11-26 19:51:47 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-11-26 19:51:47 +0100
commitd219d210bbee90b7300dda3a8197b504c59dc88a (patch)
tree0b84db825f69ae68052bcdddc22f07db0848a5d3
parent857b333d74d336d2c61a7eda5a1c5f22c638fa27 (diff)
pipewire: Rework of security settings
This changes is mainly focussed on shifting from cynara to cynagora permission database. But it also changes how setting is done in the hope to make it simpler. Bug-AGL: SPEC-2993 Change-Id: Ie9085e11560724baf4194fc6d17651d40523bab7 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend5
-rw-r--r--meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch25
-rw-r--r--meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch26
-rw-r--r--meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend9
4 files changed, 9 insertions, 56 deletions
diff --git a/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
new file mode 100644
index 00000000..9395c90c
--- /dev/null
+++ b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
@@ -0,0 +1,5 @@
+
+do_install_append() {
+ echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial
+}
+
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
deleted file mode 100644
index 821c1e1d..00000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From cc5cbaddad6fe559e9e482467266fb18fb00c6a7 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Wed, 26 Jun 2019 16:02:13 +0300
-Subject: [PATCH] Adapt smack rules to allow connections to pipewire
-
-Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com>
----
- policy/app-rules-template.smack | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
-index 910f40c..78b75de 100644
---- a/policy/app-rules-template.smack
-+++ b/policy/app-rules-template.smack
-@@ -4,6 +4,7 @@ System ~PKG~ rwxat
- ~APP~ System::Shared rx
- ~APP~ System::Run rwxat
- ~APP~ System::Log rwxa
-+~APP~ System::Pipewire rw
- ~APP~ _ l
- ~APP~ User::Home rxl
- ~APP~ User::App-Shared rwxat
---
-2.20.1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
deleted file mode 100644
index fbf9ca6f..00000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f95469247c182b3c4b527af04b1ae50658461e85 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Tue, 3 Sep 2019 16:24:49 +0300
-Subject: [PATCH] Grant dbus privilege to pipewire
-
----
- policy/security-manager-policy-reload | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..a883048 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -59,6 +59,9 @@ do
- cyad --set-policy --bucket=MANIFESTS --client="$client" --user="*" --privilege="*" --type=ALLOW
- done
-
-+# PipeWire needs to get access to dbus
-+cyad --set-policy --bucket=MANIFESTS --client="System::Pipewire" --user="*" --privilege="http://tizen.org/privilege/internal/dbus" --type=ALLOW
-+
- # Load privilege-group mappings
- (
- echo "BEGIN;"
---
-2.23.0.rc1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
index 97d01822..59449446 100644
--- a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
+++ b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
@@ -1,5 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
-SRC_URI += "\
- file://0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch \
- file://0002-Grant-dbus-privilege-to-pipewire.patch \
- "
+
+do_install_append() {
+ echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
+}