| author | Denys Dmytriyenko <denys@konsulko.com> | 2022-10-03 17:33:19 +0000 |
|---|---|---|
| committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2022-10-08 21:54:03 +0000 |
| commit | 924b71fb656fec0925726174f65676ef6a8a9329 (patch) | |
| tree | c8b38d0396cb34cf515cc622b2d1a5cb20875684 /meta-agl-core | |
| parent | 50ed1c04261248c66a052d8b84be0c0288fe1728 (diff) | |
meta-app-framework: applaunchd: run under a separate user
Since applaunchd needs to start/stop systemd units, the user is granted
elevated systemd unit-management permissions via PolKit policy. If applaunchd
and all the apps run under the same agl-driver user, all the apps have these
elevated systemd permissions too. Separating them into different users allows
removing elevated systemd unit-management permission from individual apps, but
leaving such permission for applaunchd, which enhances overall security of
the system.
- add new applaunchd user and group
- switch applaunchd (gRPC) service to be started under new user
- since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API,
applaunchd-dbus gets activated by agl-session and runs under agl-driver
- temporarily add agl-driver user into the applaunchd group and switch
PolKit policy to check for applaunchd group, instead of the user
- once D-Bus API is completely deprecated, agl-driver user can be removed
from applaunchd group
Bug-AGL: SPEC-4579
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'meta-agl-core')
| -rw-r--r-- | meta-agl-core/files/group | 1 |
|---|---|---|
| -rw-r--r-- | meta-agl-core/files/passwd | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/meta-agl-core/files/group b/meta-agl-core/files/group index 10cec784e..4496112d6 100644 --- a/meta-agl-core/files/group +++ b/meta-agl-core/files/group @@ -89,6 +89,7 @@ wayland::201: display::202: agl-driver::1001: agl-passenger::1002: +applaunchd::1003: systemd-network::1005: systemd-resolve::1006: mosquitto::1007: diff --git a/meta-agl-core/files/passwd b/meta-agl-core/files/passwd index b97bf3b47..1b24d2760 100644 --- a/meta-agl-core/files/passwd +++ b/meta-agl-core/files/passwd @@ -23,6 +23,7 @@ sshd::996:996::: systemd-bus-proxy::995:995::: agl-driver::1001:1001::: agl-passenger::1002:1002::: +applaunchd::1003:1003::: messagebus::994:994::: afm::992:992::: systemd-timesync::988:988::: |
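Review bot: the `+applaunchd::1003:` line in the meta-agl-core/files/group hunk adds the group with an empty member list, while the commit message says agl-driver is temporarily added to the applaunchd group so that the PolKit policy, now keyed on the group instead of the user, still covers applaunchd-dbus running under agl-driver. That membership is not part of this diffstat (limited to meta-agl-core), so confirm it lands in the accompanying meta-app-framework change together with the PolKit rule; if it is missing, the D-Bus path loses its unit-management permission instead of keeping it as described. GID 1003 sits between agl-passenger (1002) and systemd-network (1005) without a collision.

Review bot: the `+applaunchd::1003:1003:::` line in the meta-agl-core/files/passwd hunk leaves the home directory and shell fields empty, following the convention of the neighbouring entries, which means the account gets the default shell rather than a non-interactive one. Since applaunchd is a service account that only needs to run the gRPC service, it is worth stating in the message whether an interactive shell is intended or whether a nologin shell should be set, as is usual for daemon users. The UID and GID (both 1003) are consistent with the group hunk.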