summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2019-06-11 12:17:04 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2019-06-19 13:05:28 +0000
commit9d9c024ba9de04965aff3e0e2e8caa2abb80ab7c (patch)
tree6ab481137dbfb3036693f97af270c22b7fa85f23
parentbcd5334d789f61ac1f6b14de3f1f2febea27e06c (diff)
Enforce separation of users using UMASK
Users should not be able to read other user content. Use Umask to enforce that. Bug-AGL: SPEC-1016 Change-Id: Ibb61b7a6a7617117a499650c5bd70bdd5af3c328 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--meta-app-framework/recipes-core/base-files/base-files_%.bbappend6
-rw-r--r--meta-app-framework/recipes-core/shadow/shadow_%.bbappend6
2 files changed, 10 insertions, 2 deletions
diff --git a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
index 536ce8075..1dddcd6f2 100644
--- a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
@@ -2,8 +2,10 @@ RDEPENDS_${PN}_append_with-lsm-smack = " smack"
PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
do_install_append() {
- install -d ${D}/${sysconfdir}/skel/app-data
- install -d ${D}/${sysconfdir}/skel/.config
+ install -m 0700 -d ${D}/${sysconfdir}/skel
+ chmod -R 0700 ${D}/${sysconfdir}/skel
+ install -m 0700 -d ${D}/${sysconfdir}/skel/app-data
+ install -m 0700 -d ${D}/${sysconfdir}/skel/.config
install -m 0755 -d ${D}/var
if [ -d ${D}/usr/local ]; then
mv ${D}/usr/local ${D}/var
diff --git a/meta-app-framework/recipes-core/shadow/shadow_%.bbappend b/meta-app-framework/recipes-core/shadow/shadow_%.bbappend
new file mode 100644
index 000000000..4f594d47c
--- /dev/null
+++ b/meta-app-framework/recipes-core/shadow/shadow_%.bbappend
@@ -0,0 +1,6 @@
+
+do_install_append() {
+ sed -i '/^UMASK/s:^.*$:UMASK 077:' ${D}${sysconfdir}/login.defs
+}
+
+