From 7cd29bd3a27f9402fc13093cb7294f6a9e1b0059 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 23 Jun 2016 16:00:59 +0000 Subject: add layer meta-app-framework meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux --- .../libcap/removing-capability-enforcement.patch | 79 ++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch (limited to 'meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch') diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch new file mode 100644 index 0000000..fd01c19 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -0,0 +1,79 @@ +From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Fri, 22 Jan 2016 16:23:59 +0100 +Subject: [PATCH] removing capability enforcement + +Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 +--- + progs/setcap.c | 43 ------------------------------------------- + 1 file changed, 43 deletions(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 83090ae..01faa17 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer) + + int main(int argc, char **argv) + { +- int tried_to_cap_setfcap = 0; + char buffer[MAXCAP+1]; + int retval, quiet=0, verify=0; + cap_t mycaps; +@@ -150,53 +149,11 @@ int main(int argc, char **argv) + printf("%s: OK\n", *argv); + } + } else { +- if (!tried_to_cap_setfcap) { +- capflag = CAP_SETFCAP; +- +- /* +- * Raise the effective CAP_SETFCAP. +- */ +- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) +- != 0) { +- perror("unable to manipulate CAP_SETFCAP - " +- "try a newer libcap?"); +- exit(1); +- } +- if (cap_set_proc(mycaps) != 0) { +- perror("unable to set CAP_SETFCAP effective capability"); +- exit(1); +- } +- tried_to_cap_setfcap = 1; +- } + retval = cap_set_file(*++argv, cap_d); + if (retval != 0) { +- int explained = 0; +-#ifdef linux +- cap_value_t cap; +- cap_flag_value_t per_state; +- +- for (cap = 0; +- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1; +- cap++) { +- cap_flag_value_t inh_state, eff_state; +- +- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state); +- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state); +- if ((inh_state | per_state) != eff_state) { +- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n" +- " exactly match the union of selected permitted and inheritable bits.\n"); +- explained = 1; +- break; +- } +- } +-#endif /* def linux */ +- + fprintf(stderr, + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(errno)); +- if (!explained) { +- usage(); +- } + } + } + if (cap_d) { +-- +2.1.4 + -- cgit 1.2.3-korg