summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>2016-12-14 18:24:09 +0000
committerGerrit Code Review <gerrit@automotivelinux.org>2016-12-14 18:24:09 +0000
commit6bcddb9900436c82b08039fa97de9bb057810c4e (patch)
treefb578d47ca75f50352b72f83f314091a98fe47d2
parentb6960b346e4efc0f74a0618744d4decc05358258 (diff)
parent524e55787139d2eb728106871499023daa95aba6 (diff)
Merge "Move all writable data used by security-manager and appfw to /var"
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service15
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh7
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.bb22
-rw-r--r--meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb2
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch196
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service15
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh6
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend14
-rw-r--r--meta-app-framework/recipes-example/afm-client/files/afm-client.service2
9 files changed, 270 insertions, 9 deletions
diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service
new file mode 100644
index 0000000..7e3b9e4
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service
@@ -0,0 +1,15 @@
+#
+# Install security-manager DB to /var
+
+[Unit]
+Description=Deploy AFM directories to /var
+After=sysinit.target
+Before=afm-system-daemon.service
+Before=afm-user-daemon.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/init-afm-dirs.sh
diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh
new file mode 100644
index 0000000..97cf272
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ ! -e "/var/lib/afm" ]; then
+ mkdir -p /var/lib
+ cp -ra /usr/share/afm /var/lib
+fi
+
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
index 611307f..834e293 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
@@ -16,7 +16,8 @@ DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip"
afm_name = "afm"
afm_confdir = "${sysconfdir}/${afm_name}"
-afm_datadir = "${datadir}/${afm_name}"
+afm_datadir = "/var/lib/${afm_name}"
+afm_init_datadir = "${datadir}/${afm_name}"
afb_binding_dir = "${libdir}/afb"
EXTRA_OECMAKE_class-native = "\
@@ -46,8 +47,12 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}"
SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service"
SYSTEMD_AUTO_ENABLE = "enable"
+SRC_URI_append = "file://init-afm-dirs.sh \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://init-afm-dirs.service', '', d)}"
+
FILES_${PN} += "\
- ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \
+ ${bindir}/init-afm-dirs.sh \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service ${systemd_unitdir}/system/init-afm-dirs.service', '', d)} \
"
RDEPENDS_${PN}_append_smack = " smack-userspace"
@@ -60,9 +65,14 @@ SRC_URI += "\
"
do_install_append() {
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir}
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants
+ mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants
ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants
+ install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service
+ ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants
fi
}
@@ -79,15 +89,15 @@ EOF
}
pkg_postinst_${PN}() {
- mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
+ mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons
setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
pkg_postinst_${PN}_smack() {
- mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
- chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
- chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
+ mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons
+ chown ${afm_name}:${afm_name} $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons
+ chsmack -a 'System::Shared' -t $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons
setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb
index 0169e6b..ba70c59 100644
--- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb
+++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb
@@ -8,7 +8,7 @@ DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzi
afm_name = "afm"
afm_confdir = "${sysconfdir}/${afm_name}"
-afm_datadir = "${datadir}/${afm_name}"
+afm_datadir = "/var/lib/${afm_name}"
EXTRA_OECMAKE = "\
-DUSE_LIBZIP=1 \
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
new file mode 100644
index 0000000..4830db2
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
@@ -0,0 +1,196 @@
+From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Mon, 16 Nov 2015 14:26:25 +0100
+Subject: [PATCH] Removing tizen-platform-config
+
+Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
+---
+ policy/security-manager-policy-reload | 2 +-
+ src/common/file-lock.cpp | 4 +---
+ src/common/include/file-lock.h | 1 -
+ src/common/include/privilege_db.h | 3 +--
+ src/common/service_impl.cpp | 39 +++++++++++------------------------
+ src/common/smack-rules.cpp | 12 ++++-------
+ 6 files changed, 19 insertions(+), 42 deletions(-)
+
+diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
+index 6f211c6..ed8047a 100755
+--- a/policy/security-manager-policy-reload
++++ b/policy/security-manager-policy-reload
+@@ -2,7 +2,7 @@
+
+ POLICY_PATH=/usr/share/security-manager/policy
+ PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
+-DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
++DB_FILE=/var/db/security-manager/.security-manager.db
+
+ # Create default buckets
+ while read bucket default_policy
+diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
+index 6f3996c..1dada17 100644
+--- a/src/common/file-lock.cpp
++++ b/src/common/file-lock.cpp
+@@ -30,9 +30,7 @@
+
+ namespace SecurityManager {
+
+-char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
+- "lock",
+- "security-manager.lock");
++char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock";
+
+ FileLocker::FileLocker(const std::string &lockFile, bool blocking)
+ {
+diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
+index 604b019..21a86a0 100644
+--- a/src/common/include/file-lock.h
++++ b/src/common/include/file-lock.h
+@@ -29,7 +29,6 @@
+
+ #include <dpl/exception.h>
+ #include <dpl/noncopyable.h>
+-#include <tzplatform_config.h>
+
+ namespace SecurityManager {
+
+diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
+index 4d73d90..03c6680 100644
+--- a/src/common/include/privilege_db.h
++++ b/src/common/include/privilege_db.h
+@@ -34,14 +34,13 @@
+ #include <string>
+
+ #include <dpl/db/sql_connection.h>
+-#include <tzplatform_config.h>
+
+ #ifndef PRIVILEGE_DB_H_
+ #define PRIVILEGE_DB_H_
+
+ namespace SecurityManager {
+
+-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
++const char *const PRIVILEGE_DB_PATH = "/var/db/security-manager/.security-manager.db";
+
+ enum class QueryType {
+ EGetPkgPrivileges,
+diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
+index ae305d3..65cc8b5 100644
+--- a/src/common/service_impl.cpp
++++ b/src/common/service_impl.cpp
+@@ -32,7 +32,6 @@
+ #include <algorithm>
+
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+
+ #include "protocols.h"
+ #include "privilege_db.h"
+@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
+
+ static uid_t getGlobalUserId(void)
+ {
+- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
++ static uid_t globaluid = 0;
++ if (!globaluid) {
++ struct passwd pw, *p;
++ char buf[4096];
++ int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p);
++ globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
++ }
+ return globaluid;
+ }
+
+@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
+
+ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
+ {
+- struct tzplatform_context *tz_ctx = nullptr;
+-
+- if (tzplatform_context_create(&tz_ctx))
+- return false;
+-
+- if (tzplatform_context_set_user(tz_ctx, uid)) {
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
++ struct passwd pw, *p;
++ char buf[4096];
++ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
++ if (rc || p == NULL)
+ return false;
+- }
+-
+- enum tzplatform_variable id =
+- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
+- const char *appDir = tzplatform_context_getenv(tz_ctx, id);
+- if (!appDir) {
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
+- return false;
+- }
+-
+- userAppDir = appDir;
+-
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
+-
++ userAppDir = p->pw_dir;
+ return true;
+ }
+
+ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
+ {
+- std::string userHome;
+ std::string userAppDir;
+ std::stringstream correctPath;
+
+diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
+index d834e42..8b5728b 100644
+--- a/src/common/smack-rules.cpp
++++ b/src/common/smack-rules.cpp
+@@ -34,7 +34,6 @@
+ #include <memory>
+
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+
+ #include "smack-labels.h"
+ #include "smack-rules.h"
+@@ -43,7 +42,7 @@ namespace SecurityManager {
+
+ const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~";
+ const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~";
+-const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
++const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack";
+ const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat";
+
+ SmackRules::SmackRules()
+@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
+
+ std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
+ {
+- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
+- return path;
++ return "/etc/smack/accesses.d/pkg_" + pkgId;
+ }
+
+ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
+ {
+- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
+- return path;
++ return "/etc/smack/accesses.d/app_" + appId;
+ }
+ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
+@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
+ for (auto privilege : privileges) {
+ if (privilege.empty())
+ continue;
+- std::string fprivilege ( privilege + "-template.smack");
+- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
++ std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack";
+ if( stat(path.c_str(), &buffer) == 0)
+ smackRules.addFromTemplateFile(appId, pkgId, path);
+ }
+--
+2.1.4
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
new file mode 100644
index 0000000..8ed5e86
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
@@ -0,0 +1,15 @@
+#
+# Install security-manager DB to /var
+
+[Unit]
+Description=Install Security Manager database
+After=sysinit.target
+Before=security-manager.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/bin/init-security-manager-db.sh
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
new file mode 100644
index 0000000..ef41286
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ ! -e "/var/db/security-manager" ]; then
+ mkdir -p /var/db
+ cp -ra /usr/dbspace/ /var/db/security-manager
+fi
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
index d3a110d..b4b5e01 100644
--- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
+++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
@@ -1,4 +1,16 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
-SRC_URI += " file://0001-Adapt-rules-to-AGL.patch "
+SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \
+ file://init-security-manager-db.service \
+ file://init-security-manager-db.sh"
+SYSTEMD_SERVICE_${PN} = "init-security-manager-db.service"
+
+FILES_${PN}_append = "${bindir}/init-security-manager-db.sh"
+
+do_install_append () {
+ install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service
+ fi
+}
diff --git a/meta-app-framework/recipes-example/afm-client/files/afm-client.service b/meta-app-framework/recipes-example/afm-client/files/afm-client.service
index 688c91f..7357174 100644
--- a/meta-app-framework/recipes-example/afm-client/files/afm-client.service
+++ b/meta-app-framework/recipes-example/afm-client/files/afm-client.service
@@ -2,7 +2,7 @@
Description=Simplest application manager
[Service]
-ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/usr/share/afm/icons
+ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/var/lib/afm/icons
Restart=on-failure
RestartSec=5