diff options
Diffstat (limited to 'meta-app-framework')
4 files changed, 71 insertions, 5 deletions
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 75cdcc3..d8d7af4 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -52,18 +52,30 @@ do_install_append() { fi } +do_install_append_smack () { + install -d ${D}/${sysconfdir}/smack/accesses.d + cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF +System User::App-Shared rwxat +System User::Home rwxat +EOF + chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user + install -d ${D}/${sysconfdir}/skel/app-data + chsmack -a 'User::Home' -t -D ${D}/${sysconfdir}/skel + chsmack -a 'User::App-Shared' -D ${D}/${sysconfdir}/skel/app-data +} + pkg_postinst_${PN}() { mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons - setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon + setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons - setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon + setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index aff685f..880654e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "970a20a55d3a7dba32360ce596e61a2b32c9f4ee" +SRCREV = "c31038db1cff938d7fa1f12f757c1c57ab51c0bd" S = "${WORKDIR}/git" diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch new file mode 100644 index 0000000..4c91f7f --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch @@ -0,0 +1,50 @@ +From 935e4e4e746b5ffcda80c80097dc75c2581c1a89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Wed, 19 Oct 2016 13:45:54 +0200 +Subject: [PATCH] Adapt rules to AGL +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git +as basis for the integration of security framework. The security framework +that it provides is an evolution of the security framework of tizen refited +to the distribution Ostro of Intel. This refit took the decision to simplify +the model by removing the running label "User". More can be viewed here: +https://github.com/01org/meta-intel-iot-security/pull/116 + +This commits adapt the template to the rules that are now needed +after this evolution. + +It also integrates one other evolutions: the shared label becomes User::App-Shared instead +of User::App::Shared to avoid collision with application of id "Shared". + +Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546 +Signed-off-by: José Bollo <jose.bollo@iot.bzh> +--- + policy/app-rules-template.smack | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack +index 1311169..b4cd2e3 100644 +--- a/policy/app-rules-template.smack ++++ b/policy/app-rules-template.smack +@@ -1,12 +1,10 @@ +-System ~APP~ rwx ++System ~APP~ rwxa ++System ~PKG~ rwxat + ~APP~ System wx + ~APP~ System::Shared rx + ~APP~ System::Run rwxat + ~APP~ System::Log rwxa + ~APP~ _ l +-User ~APP~ rwxa +-User ~PKG~ rwxat +-~APP~ User wx + ~APP~ User::Home rxl +-~APP~ User::App::Shared rwxat ++~APP~ User::App-Shared rwxat + ~APP~ ~PKG~ rwxat +-- +2.7.4 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend new file mode 100644 index 0000000..d3a110d --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" + +SRC_URI += " file://0001-Adapt-rules-to-AGL.patch " + |