From d219d210bbee90b7300dda3a8197b504c59dc88a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 26 Nov 2019 19:51:47 +0100 Subject: pipewire: Rework of security settings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This changes is mainly focussed on shifting from cynara to cynagora permission database. But it also changes how setting is done in the hope to make it simpler. Bug-AGL: SPEC-2993 Change-Id: Ie9085e11560724baf4194fc6d17651d40523bab7 Signed-off-by: José Bollo --- .../recipes-security/cynagora/cynagora_%.bbappend | 5 +++++ ...ck-rules-to-allow-connections-to-pipewire.patch | 25 --------------------- .../0002-Grant-dbus-privilege-to-pipewire.patch | 26 ---------------------- .../security-manager/security-manager_%.bbappend | 9 ++++---- 4 files changed, 9 insertions(+), 56 deletions(-) create mode 100644 meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend delete mode 100644 meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch delete mode 100644 meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch (limited to 'meta-pipewire/recipes-security') diff --git a/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend new file mode 100644 index 00000000..9395c90c --- /dev/null +++ b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend @@ -0,0 +1,5 @@ + +do_install_append() { + echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial +} + diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch deleted file mode 100644 index 821c1e1d..00000000 --- a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch +++ /dev/null @@ -1,25 +0,0 @@ -From cc5cbaddad6fe559e9e482467266fb18fb00c6a7 Mon Sep 17 00:00:00 2001 -From: George Kiagiadakis -Date: Wed, 26 Jun 2019 16:02:13 +0300 -Subject: [PATCH] Adapt smack rules to allow connections to pipewire - -Signed-off-by: George Kiagiadakis ---- - policy/app-rules-template.smack | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack -index 910f40c..78b75de 100644 ---- a/policy/app-rules-template.smack -+++ b/policy/app-rules-template.smack -@@ -4,6 +4,7 @@ System ~PKG~ rwxat - ~APP~ System::Shared rx - ~APP~ System::Run rwxat - ~APP~ System::Log rwxa -+~APP~ System::Pipewire rw - ~APP~ _ l - ~APP~ User::Home rxl - ~APP~ User::App-Shared rwxat --- -2.20.1 - diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch deleted file mode 100644 index fbf9ca6f..00000000 --- a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f95469247c182b3c4b527af04b1ae50658461e85 Mon Sep 17 00:00:00 2001 -From: George Kiagiadakis -Date: Tue, 3 Sep 2019 16:24:49 +0300 -Subject: [PATCH] Grant dbus privilege to pipewire - ---- - policy/security-manager-policy-reload | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload -index 274c49c..a883048 100755 ---- a/policy/security-manager-policy-reload -+++ b/policy/security-manager-policy-reload -@@ -59,6 +59,9 @@ do - cyad --set-policy --bucket=MANIFESTS --client="$client" --user="*" --privilege="*" --type=ALLOW - done - -+# PipeWire needs to get access to dbus -+cyad --set-policy --bucket=MANIFESTS --client="System::Pipewire" --user="*" --privilege="http://tizen.org/privilege/internal/dbus" --type=ALLOW -+ - # Load privilege-group mappings - ( - echo "BEGIN;" --- -2.23.0.rc1 - diff --git a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend index 97d01822..59449446 100644 --- a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend +++ b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend @@ -1,5 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" -SRC_URI += "\ - file://0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch \ - file://0002-Grant-dbus-privilege-to-pipewire.patch \ - " + +do_install_append() { + echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack +} -- cgit 1.2.3-korg