diff options
author | Stephane Desneux <stephane.desneux@iot.bzh> | 2016-06-23 16:00:59 +0000 |
---|---|---|
committer | Stephane Desneux <stephane.desneux@iot.bzh> | 2016-06-28 21:54:04 +0000 |
commit | 7cd29bd3a27f9402fc13093cb7294f6a9e1b0059 (patch) | |
tree | 144b0b607607ef1fd93e1db8aadd31d308cffa2c /meta-app-framework/recipes-support/libcap | |
parent | 2e8cc1959ca6fcaff734312ffe063664e14db4cd (diff) |
add layer meta-app-framework
meta-app-framework is a layer containing the AGL App Framework recipes
4 new layers are added for application framework:
* meta-intel-iot-security/meta-security-smack
* meta-intel-iot-security/meta-security-framework
* meta-agl/meta-agl-security
* meta-agl/meta-app-framework
Configuration file changes to support AppFw:
* activation of Smack and Cynara
* modify the tar command to be used to support Smack extended attributes
Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-support/libcap')
-rw-r--r-- | meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch | 79 | ||||
-rw-r--r-- | meta-app-framework/recipes-support/libcap/libcap_%.bbappend | 5 |
2 files changed, 84 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch new file mode 100644 index 0000000..fd01c19 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -0,0 +1,79 @@ +From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Fri, 22 Jan 2016 16:23:59 +0100 +Subject: [PATCH] removing capability enforcement + +Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 +--- + progs/setcap.c | 43 ------------------------------------------- + 1 file changed, 43 deletions(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 83090ae..01faa17 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer) + + int main(int argc, char **argv) + { +- int tried_to_cap_setfcap = 0; + char buffer[MAXCAP+1]; + int retval, quiet=0, verify=0; + cap_t mycaps; +@@ -150,53 +149,11 @@ int main(int argc, char **argv) + printf("%s: OK\n", *argv); + } + } else { +- if (!tried_to_cap_setfcap) { +- capflag = CAP_SETFCAP; +- +- /* +- * Raise the effective CAP_SETFCAP. +- */ +- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) +- != 0) { +- perror("unable to manipulate CAP_SETFCAP - " +- "try a newer libcap?"); +- exit(1); +- } +- if (cap_set_proc(mycaps) != 0) { +- perror("unable to set CAP_SETFCAP effective capability"); +- exit(1); +- } +- tried_to_cap_setfcap = 1; +- } + retval = cap_set_file(*++argv, cap_d); + if (retval != 0) { +- int explained = 0; +-#ifdef linux +- cap_value_t cap; +- cap_flag_value_t per_state; +- +- for (cap = 0; +- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1; +- cap++) { +- cap_flag_value_t inh_state, eff_state; +- +- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state); +- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state); +- if ((inh_state | per_state) != eff_state) { +- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n" +- " exactly match the union of selected permitted and inheritable bits.\n"); +- explained = 1; +- break; +- } +- } +-#endif /* def linux */ +- + fprintf(stderr, + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(errno)); +- if (!explained) { +- usage(); +- } + } + } + if (cap_d) { +-- +2.1.4 + diff --git a/meta-app-framework/recipes-support/libcap/libcap_%.bbappend b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend new file mode 100644 index 0000000..fbe8935 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_append_class-native := ":${THISDIR}/${PN}" +SRC_URI_append_class-native = " file://removing-capability-enforcement.patch" +PACKAGECONFIG_class-native ?= "attr" +DEPENDS_append_class-native = " attr-native" + |