summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-support/libcap
diff options
context:
space:
mode:
authorStephane Desneux <stephane.desneux@iot.bzh>2016-06-23 16:00:59 +0000
committerStephane Desneux <stephane.desneux@iot.bzh>2016-06-28 21:54:04 +0000
commit7cd29bd3a27f9402fc13093cb7294f6a9e1b0059 (patch)
tree144b0b607607ef1fd93e1db8aadd31d308cffa2c /meta-app-framework/recipes-support/libcap
parent2e8cc1959ca6fcaff734312ffe063664e14db4cd (diff)
add layer meta-app-framework
meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-support/libcap')
-rw-r--r--meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch79
-rw-r--r--meta-app-framework/recipes-support/libcap/libcap_%.bbappend5
2 files changed, 84 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch
new file mode 100644
index 0000000..fd01c19
--- /dev/null
+++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch
@@ -0,0 +1,79 @@
+From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Fri, 22 Jan 2016 16:23:59 +0100
+Subject: [PATCH] removing capability enforcement
+
+Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30
+---
+ progs/setcap.c | 43 -------------------------------------------
+ 1 file changed, 43 deletions(-)
+
+diff --git a/progs/setcap.c b/progs/setcap.c
+index 83090ae..01faa17 100644
+--- a/progs/setcap.c
++++ b/progs/setcap.c
+@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer)
+
+ int main(int argc, char **argv)
+ {
+- int tried_to_cap_setfcap = 0;
+ char buffer[MAXCAP+1];
+ int retval, quiet=0, verify=0;
+ cap_t mycaps;
+@@ -150,53 +149,11 @@ int main(int argc, char **argv)
+ printf("%s: OK\n", *argv);
+ }
+ } else {
+- if (!tried_to_cap_setfcap) {
+- capflag = CAP_SETFCAP;
+-
+- /*
+- * Raise the effective CAP_SETFCAP.
+- */
+- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET)
+- != 0) {
+- perror("unable to manipulate CAP_SETFCAP - "
+- "try a newer libcap?");
+- exit(1);
+- }
+- if (cap_set_proc(mycaps) != 0) {
+- perror("unable to set CAP_SETFCAP effective capability");
+- exit(1);
+- }
+- tried_to_cap_setfcap = 1;
+- }
+ retval = cap_set_file(*++argv, cap_d);
+ if (retval != 0) {
+- int explained = 0;
+-#ifdef linux
+- cap_value_t cap;
+- cap_flag_value_t per_state;
+-
+- for (cap = 0;
+- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
+- cap++) {
+- cap_flag_value_t inh_state, eff_state;
+-
+- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
+- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
+- if ((inh_state | per_state) != eff_state) {
+- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
+- " exactly match the union of selected permitted and inheritable bits.\n");
+- explained = 1;
+- break;
+- }
+- }
+-#endif /* def linux */
+-
+ fprintf(stderr,
+ "Failed to set capabilities on file `%s' (%s)\n",
+ argv[0], strerror(errno));
+- if (!explained) {
+- usage();
+- }
+ }
+ }
+ if (cap_d) {
+--
+2.1.4
+
diff --git a/meta-app-framework/recipes-support/libcap/libcap_%.bbappend b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend
new file mode 100644
index 0000000..fbe8935
--- /dev/null
+++ b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS_append_class-native := ":${THISDIR}/${PN}"
+SRC_URI_append_class-native = " file://removing-capability-enforcement.patch"
+PACKAGECONFIG_class-native ?= "attr"
+DEPENDS_append_class-native = " attr-native"
+