pipewire: Rework of security settings

This changes is mainly focussed on shifting from cynara to cynagora permission database. But it also changes how setting is done in the hope to make it simpler. Bug-AGL: SPEC-2993 Change-Id: Ie9085e11560724baf4194fc6d17651d40523bab7 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh> 2019-11-26 19:51:47 +0100
committer: José Bollo <jose.bollo@iot.bzh> 2019-11-26 19:51:47 +0100
commit: d219d210bbee90b7300dda3a8197b504c59dc88a (patch)
tree: 0b84db825f69ae68052bcdddc22f07db0848a5d3 /meta-pipewire
parent: 857b333d74d336d2c61a7eda5a1c5f22c638fa27 (diff)
4 files changed, 9 insertions, 56 deletions
diff --git a/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
new file mode 100644
index 00000000..9395c90c
--- /dev/null
+++ b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
@@ -0,0 +1,5 @@
+
+do_install_append() {
+   echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial
+}
+
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
deleted file mode 100644
index 821c1e1d..00000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From cc5cbaddad6fe559e9e482467266fb18fb00c6a7 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Wed, 26 Jun 2019 16:02:13 +0300
-Subject: [PATCH] Adapt smack rules to allow connections to pipewire
-
-Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com>
----
- policy/app-rules-template.smack | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
-index 910f40c..78b75de 100644
---- a/policy/app-rules-template.smack
-+++ b/policy/app-rules-template.smack
-@@ -4,6 +4,7 @@ System ~PKG~ rwxat
- ~APP~ System::Shared rx
- ~APP~ System::Run rwxat
- ~APP~ System::Log rwxa
-+~APP~ System::Pipewire rw
- ~APP~ _ l
- ~APP~ User::Home rxl
- ~APP~ User::App-Shared rwxat
--- 
-2.20.1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
deleted file mode 100644
index fbf9ca6f..00000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f95469247c182b3c4b527af04b1ae50658461e85 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Tue, 3 Sep 2019 16:24:49 +0300
-Subject: [PATCH] Grant dbus privilege to pipewire
-
----
- policy/security-manager-policy-reload | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..a883048 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -59,6 +59,9 @@ do
-     cyad --set-policy --bucket=MANIFESTS --client="$client" --user="*" --privilege="*" --type=ALLOW
- done
- 
-+# PipeWire needs to get access to dbus
-+cyad --set-policy --bucket=MANIFESTS --client="System::Pipewire" --user="*" --privilege="http://tizen.org/privilege/internal/dbus" --type=ALLOW
-+
- # Load privilege-group mappings
- (
- echo "BEGIN;"
--- 
-2.23.0.rc1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
index 97d01822..59449446 100644
--- a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
+++ b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
@@ -1,5 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
-SRC_URI += "\
-    file://0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch \
-    file://0002-Grant-dbus-privilege-to-pipewire.patch \
-    "
+
+do_install_append() {
+   echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
+}
author	José Bollo <jose.bollo@iot.bzh>	2019-11-26 19:51:47 +0100
committer	José Bollo <jose.bollo@iot.bzh>	2019-11-26 19:51:47 +0100
commit	d219d210bbee90b7300dda3a8197b504c59dc88a (patch)
tree	0b84db825f69ae68052bcdddc22f07db0848a5d3 /meta-pipewire
parent	857b333d74d336d2c61a7eda5a1c5f22c638fa27 (diff)