diff options
author | Stephane Desneux <stephane.desneux@iot.bzh> | 2017-03-27 15:37:07 +0200 |
---|---|---|
committer | Stephane Desneux <stephane.desneux@iot.bzh> | 2017-03-27 17:43:10 +0200 |
commit | 497d7db5bfc71367c6393a09a2f768b812fce83f (patch) | |
tree | df8ffe1b8e5f74f2cf6c535fba55cc2c331061a8 /meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch | |
parent | a72d5234e827756647c0fb78e70e2d8e4d6f2ab0 (diff) |
Migrate meta-app-framework to meta-agl
Application Framework is now part of core AGL components
and has been moved from meta-agl-extra to meta-agl.
Bug-AGL: SPEC-448
The commit history has been kept and the following commits have been moved
from meta-agl-extra to meta-agl:
e08fc10 2017-03-14 13:07:12 +0100 jose.bollo@iot.bzh Move to AGL framework on top of systemd
8bdc96f 2017-03-24 16:15:04 +0100 ronan.lemartret@iot.bzh Rename webruntime DISTRO_FEATURES
02faef6 2017-03-14 12:50:03 +0100 jose.bollo@iot.bzh Upgrade application framework
9731d66 2017-03-08 14:19:42 +0100 jose.bollo@iot.bzh base-files for the framework
ed214a2 2017-03-06 17:19:16 +0100 jose.bollo@iot.bzh Ensure that eXtended Attributes are managed
2969a9f 2017-03-07 17:30:18 +0100 jose.bollo@iot.bzh shadow: 'useradd' copies root's extended attributes
e159294 2017-03-08 13:15:58 +0100 jose.bollo@iot.bzh Removes systemd warnings
d19db32 2017-03-06 17:11:33 +0100 ronan.lemartret@iot.bzh Add service dependency on run-agl-postinsts
d3a02ef 2017-02-23 23:41:45 +0700 tranmanphong@gmail.com Fix the error of homescreen for QEMU x86-64
913a263 2017-02-23 11:03:08 +0100 ronan.lemartret@iot.bzh Update af-main
d36e635 2017-02-17 14:35:31 +0100 stephane.desneux@iot.bzh aglwgt.bbclass: fix bashism
72265ee 2017-02-16 18:03:32 +0100 ronan.lemartret@iot.bzh Add dependency to images
f3292e8 2017-02-15 17:02:52 +0100 ronan.lemartret@iot.bzh Allowed wgt app to auto-install at the first boot
347aa4d 2017-02-15 16:54:11 +0100 ronan.lemartret@iot.bzh Add afm-install used to install wgt at first boot
9153078 2017-01-20 16:30:39 +0100 ronan.lemartret@iot.bzh Move feature code into the meta recipes
b5ce617 2017-01-16 19:43:03 +0100 jsmoeller@linuxfoundation.org Add missing DEPENDS to af-binder
ba2ad47 2016-10-25 16:11:27 +0200 ronan.lemartret@iot.bzh fix for gcc6 build
8f15654 2016-10-14 14:21:15 +0200 ronan.lemartret@iot.bzh fix libcap patch
24b96c4 2017-01-03 11:46:04 +0100 jose.bollo@iot.bzh Activates threading and hook features
f518d36 2017-01-02 17:10:24 +0100 ronan.lemartret@iot.bzh add fakeroot to aglwgt_deploy task
4c81238 2016-12-28 20:45:11 +0100 jsmoeller@linuxfoundation.org Be more precise in addtask
a930811 2016-12-28 19:15:54 +0100 jsmoeller@linuxfoundation.org Fix whitespace in aglwgt bbclass
de41ad3 2016-12-28 14:54:42 +0100 jsmoeller@linuxfoundation.org Add aglwgt class
5999238 2016-12-20 15:45:34 +0100 jose.bollo@iot.bzh Authorize the requested permissions
a79a010 2016-12-16 12:37:44 +0100 anton@advancedtelematic.com Don't override SYSTEMD_SERVICE of original recipe.
b6960b3 2016-12-14 16:34:29 +0100 stephane.desneux@iot.bzh af-main: remove --roothttp option from afm-launch.conf
524e557 2016-12-14 14:08:16 +0100 anton@advancedtelematic.com Move all writable data used by security-manager and appfw to /var
d32c40a 2016-12-14 11:26:23 +0100 jose.bollo@iot.bzh af-main: fix exec flag and case sensitive ids
9e930f5 2016-12-07 19:58:18 +0100 ronan.lemartret@iot.bzh add native build for af-main
5b8d3a4 2016-12-05 10:16:12 +0100 stephane.desneux@iot.bzh agl-appfw-smack: remove dependency on meta-agl-security
f45014a 2016-11-21 15:37:32 +0100 jose.bollo@iot.bzh Improves places for QT_WAYLAND_SHELL_INTEGRATION
d1c5151 2016-11-17 16:26:32 +0100 jose.bollo@iot.bzh smack: removed already applied patch
f0d8be8 2016-11-16 13:27:36 +0100 jose.bollo@iot.bzh appfwk: improvements
1d8243b 2016-11-10 12:46:59 +0100 stephane.desneux@iot.bzh meta-app-framework: fix unpackaged files in nativesdk-af-main
4da956c 2016-11-03 11:30:25 +0100 jose.bollo@iot.bzh Smack: add audit when smack is active
c6b0317 2016-11-08 11:38:51 +0100 jose.bollo@iot.bzh web-runtime: provide IVI tuning for porter
c294b3a 2016-11-08 17:27:51 +0100 jose.bollo@iot.bzh af-main: update
c50805d 2016-11-03 11:26:17 +0100 jose.bollo@iot.bzh Smack: fixup of bluetooth socket labelling
ce583cd 2016-11-01 15:52:09 +0100 ronan.lemartret@iot.bzh Allow build without meta-agl-demo
eadecc1 2016-10-14 13:25:07 +0200 jose.bollo@iot.bzh FWK: Adaptations for jethro
111007a 2016-09-20 14:40:51 +0200 jose.bollo@iot.bzh app-framework: Improvements
53ae34d 2016-09-05 17:13:10 +0200 jose.bollo@iot.bzh app-framework: improvements
8303ea3 2016-08-29 23:25:25 +0200 jose.bollo@iot.bzh Improves the handling of upgrade for websockets
2b33f74 2016-08-10 18:44:15 +0200 jose.bollo@iot.bzh app-framework: fix minor bugs
73771f1 2016-07-18 15:48:59 +0000 mbc@iot.bzh meta-app-framework: install missing libafbwsc library
edf0c91 2016-07-15 11:56:18 +0000 stephane.desneux@iot.bzh meta-app-framework: sync with latest af-main sources
f848612 2016-07-12 14:17:37 +0000 stephane.desneux@iot.bzh meta-app-framework: sync with latest af-binder sources
d277fb2 2016-07-11 21:05:55 +0000 stephane.desneux@iot.bzh meta-app-framework: add missing dependency between af-binder-dev and libafbwsc-dev
17fd881 2016-07-10 17:53:06 +0000 stephane.desneux@iot.bzh meta-app-framework: af-binder must create ${libdir}/afb at postinst time
c664012 2016-07-08 15:08:25 +0000 stephane.desneux@iot.bzh meta-app-framework: add af-main-tools and dependencies in nativesdk-packagegroup-sdk-host
d7a5a54 2016-07-08 14:24:51 +0000 stephane.desneux@iot.bzh meta-app-framework: af-binder source code update
68dde03 2016-07-05 16:04:51 +0000 stephane.desneux@iot.bzh meta-app-framework: build master branch
f3b34f5 2016-06-28 22:13:58 +0000 stephane.desneux@iot.bzh add features agl-demo, agl-appfw-smack and agl-localdev
f4b76be 2016-06-28 21:34:29 +0000 stephane.desneux@iot.bzh add feature agl-appfw-smack
e80d00c 2016-06-24 11:01:25 +0200 jose.bollo@iot.bzh upgrade to new namings and bug fixes
7cd29bd 2016-06-23 16:00:59 +0000 stephane.desneux@iot.bzh add layer meta-app-framework
Change-Id: I4ee34dfd8810ae6f10435308b1005e11e03bd05a
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch')
-rw-r--r-- | meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch deleted file mode 100644 index b0c5ee8..0000000 --- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 2e65b888820ea372984d412cee3bd7dcba05d7d2 Mon Sep 17 00:00:00 2001 -From: Casey Schaufler <casey@schaufler-ca.com> -Date: Mon, 7 Dec 2015 14:34:32 -0800 -Subject: [PATCH 1/4] Smack: File receive for sockets - -The existing file receive hook checks for access on -the file inode even for UDS. This is not right, as -the inode is not used by Smack to make access checks -for sockets. This change checks for an appropriate -access relationship between the receiving (current) -process and the socket. If the process can't write -to the socket's send label or the socket's receive -label can't write to the process fail. - -This will allow the legitimate cases, where the -socket sender and socket receiver can freely communicate. -Only strangly set socket labels should cause a problem. - -Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b644757..487b2f3 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -1672,9 +1672,31 @@ static int smack_file_receive(struct file *file) - int may = 0; - struct smk_audit_info ad; - struct inode *inode = file_inode(file); -+ struct socket *sock; -+ struct task_smack *tsp; -+ struct socket_smack *ssp; - - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); - smk_ad_setfield_u_fs_path(&ad, file->f_path); -+ -+ if (S_ISSOCK(inode->i_mode)) { -+ sock = SOCKET_I(inode); -+ ssp = sock->sk->sk_security; -+ tsp = current_security(); -+ /* -+ * If the receiving process can't write to the -+ * passed socket or if the passed socket can't -+ * write to the receiving process don't accept -+ * the passed socket. -+ */ -+ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ if (rc < 0) -+ return rc; -+ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ return rc; -+ } - /* - * This code relies on bitmasks. - */ --- -2.7.4 - |