add meta-app-framework to meta-agl

meta-app-framework is a layer containing the AGL App Framework recipes

4 new layers are added for application framework:
* meta-intel-iot-security/meta-security-smack
* meta-intel-iot-security/meta-security-framework
* meta-agl/meta-agl-security
* meta-agl/meta-app-framework

In the templates files, the following changes were done:
* activation of Smack and Cynara
* modify the tar command to be used to support Smack extended attributes

Change-Id: If369221ca7614fe0072f2a0f99a5051ef2af831d
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>

1 files changed, 14 insertions, 0 deletions

diff --git a/meta-agl/conf/distro/poky-agl.conf b/meta-agl/conf/distro/poky-agl.conf
index 6d6f120fe..e1dac683d 100644
--- a/meta-agl/conf/distro/poky-agl.conf
+++ b/meta-agl/conf/distro/poky-agl.conf
@@ -137,6 +137,20 @@ BB_DANGLINGAPPENDS_WARNONLY = "1"
 
 # enforce security-related compiler flags by default
 require conf/distro/include/security_flags.inc
+
 # required overrides, upstreamed but not merged yet:
 # http://lists.openembedded.org/pipermail/openembedded-devel/2016-June/107727.html
 SECURITY_CFLAGS_pn-llvm3.3 = "${SECURITY_NO_PIE_CFLAGS}"
+
+# enable security features (smack, cynara) - required by Application Framework
+OVERRIDES .= ":smack"
+DISTRO_FEATURES_append = " smack dbus-cynara"
+
+# use tar-native to support SMACK extended attributes independently of host config
+IMAGE_CMD_TAR = "tar --xattrs-include='*'"
+IMAGE_DEPENDS_tar_append = " tar-replacement-native"
+EXTRANATIVEPATH += "tar-native"
+
+# security: enable ssh server in place of dropbear to support PAM on user sessions
+IMAGE_FEATURES += "ssh-server-openssh"
+