diff options
author | José Bollo <jose.bollo@iot.bzh> | 2019-11-26 19:51:47 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2019-11-26 19:51:47 +0100 |
commit | d219d210bbee90b7300dda3a8197b504c59dc88a (patch) | |
tree | 0b84db825f69ae68052bcdddc22f07db0848a5d3 /meta-pipewire | |
parent | 857b333d74d336d2c61a7eda5a1c5f22c638fa27 (diff) |
pipewire: Rework of security settings
This changes is mainly focussed on shifting
from cynara to cynagora permission database.
But it also changes how setting is done
in the hope to make it simpler.
Bug-AGL: SPEC-2993
Change-Id: Ie9085e11560724baf4194fc6d17651d40523bab7
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-pipewire')
4 files changed, 9 insertions, 56 deletions
diff --git a/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend new file mode 100644 index 00000000..9395c90c --- /dev/null +++ b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend @@ -0,0 +1,5 @@ + +do_install_append() { + echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial +} + diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch deleted file mode 100644 index 821c1e1d..00000000 --- a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch +++ /dev/null @@ -1,25 +0,0 @@ -From cc5cbaddad6fe559e9e482467266fb18fb00c6a7 Mon Sep 17 00:00:00 2001 -From: George Kiagiadakis <george.kiagiadakis@collabora.com> -Date: Wed, 26 Jun 2019 16:02:13 +0300 -Subject: [PATCH] Adapt smack rules to allow connections to pipewire - -Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com> ---- - policy/app-rules-template.smack | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack -index 910f40c..78b75de 100644 ---- a/policy/app-rules-template.smack -+++ b/policy/app-rules-template.smack -@@ -4,6 +4,7 @@ System ~PKG~ rwxat - ~APP~ System::Shared rx - ~APP~ System::Run rwxat - ~APP~ System::Log rwxa -+~APP~ System::Pipewire rw - ~APP~ _ l - ~APP~ User::Home rxl - ~APP~ User::App-Shared rwxat --- -2.20.1 - diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch deleted file mode 100644 index fbf9ca6f..00000000 --- a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f95469247c182b3c4b527af04b1ae50658461e85 Mon Sep 17 00:00:00 2001 -From: George Kiagiadakis <george.kiagiadakis@collabora.com> -Date: Tue, 3 Sep 2019 16:24:49 +0300 -Subject: [PATCH] Grant dbus privilege to pipewire - ---- - policy/security-manager-policy-reload | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload -index 274c49c..a883048 100755 ---- a/policy/security-manager-policy-reload -+++ b/policy/security-manager-policy-reload -@@ -59,6 +59,9 @@ do - cyad --set-policy --bucket=MANIFESTS --client="$client" --user="*" --privilege="*" --type=ALLOW - done - -+# PipeWire needs to get access to dbus -+cyad --set-policy --bucket=MANIFESTS --client="System::Pipewire" --user="*" --privilege="http://tizen.org/privilege/internal/dbus" --type=ALLOW -+ - # Load privilege-group mappings - ( - echo "BEGIN;" --- -2.23.0.rc1 - diff --git a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend index 97d01822..59449446 100644 --- a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend +++ b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend @@ -1,5 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" -SRC_URI += "\ - file://0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch \ - file://0002-Grant-dbus-privilege-to-pipewire.patch \ - " + +do_install_append() { + echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack +} |