aboutsummaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc
diff options
context:
space:
mode:
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>2020-12-08 11:12:45 +0100
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2020-12-17 13:59:52 +0000
commit1c3c06842ac1b9c089d0a08e91c60f44e4844fac (patch)
tree21e97368be8f78a3e76b66dfda24c1d5e774519f /meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc
parentc1e048fc05542d859115990312e0753ce2dea72e (diff)
SPEC-3723: restructure meta-agl
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo. v2: changed to bbapend + .inc , added description v3: testbuild of all images v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups. v5: rebased v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test v7: Fixed comments from Paul Barker v8: Update the markdown files v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend Description: This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change. The resulting meta-agl/* follows these guidelines: - only bsp adaptations in meta-agl-bsp - remove the agl-profile-* layers for simplicity -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo - meta-agl-profile-core is now meta-agl-core - meta-agl-core does pass yocto-check-layer -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization - meta-agl/meta-security has been merged into meta-agl/meta-app-framework - meta-netboot does pass yocto-check-layer - meta-pipewire does pass yocto-check-layer Migration: All packagegroups are preserved but they're now enabled by 'agl-demo'. Bug-AGL: SPEC-3723 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769
Diffstat (limited to 'meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc')
-rw-r--r--meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc55
1 files changed, 55 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc b/meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc
new file mode 100644
index 000000000..21529e96b
--- /dev/null
+++ b/meta-app-framework/recipes-connectivity/bluez5/bluez5_appfw.inc
@@ -0,0 +1,55 @@
+# Recent bluez5 releases started limiting the capabilities of
+# bluetoothd. When running on a Smack-enabled system, that change has the
+# effect that bluetoothd can no longer create the input device under
+# /sys because bluez5 running with label "System" has no write
+# access to that.
+#
+# It works when running as normal root with unrestricted capabilities
+# because then CAP_MAC_OVERRIDE (a Smack-specific capability) allows
+# the process to ignore Smack rules.
+#
+# We need to ensure that bluetoothd still has that capability.
+#
+# To fix the issue, Patick and Casey(the Smack architect) had a talk
+# about it in Ostro dev mail list. Casey has some ideas about the issue:
+# "Turning off privilege is a great thing to do *so long as you don't
+# really need the privilege*. In this case you really need it.
+# The application package isn't written to account for Smack's use of
+# CAP_MAC_OVERRIDE as the mechanism for controlling this dangerous operation.
+# Yes, it would be possible to change /proc to change the Smack label on
+# that particular file, but that might open other paths for exploit.
+# I say give the program the required capability. The program maintainer
+# may well say change the kernel handling of /proc. You're stuck in the
+# middle, as both work the way they're intended and hence the system
+# doesn't work. :( There isn't a way to make this work without "loosening"
+# something."
+# Therefore, when we we run the program with CAP_MAC_OVERRIDE,
+# the whole reason for having capabilities is so the we can give a
+# process the ability to bypass one kind of check without giving it the
+# ability to bypass other, unrelated checks. A process with
+# CAP_MAC_OVERRIDE is still constrained by the file mode bits.
+# We was overly worried about granting that capability.
+# When it has no other effect than excluding a process from Smack MAC enforcement,
+# then adding to the process seems like the right solution for now.
+#
+# The conclusion from Patick and Casey is that the Smack architect give the key point
+# that this is the solution preferred.
+#
+# Because the solution is to some extend specific to the environment
+# in which connmand runs, this change is not submitted upstream
+# and it can be overridden by a distro via FIX_BLUEZ5_CAPABILITIES.
+#
+# The related patch has been submitted to upstream too.
+# upstream link: http://permalink.gmane.org/gmane.linux.bluez.kernel/67993
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI_append_with-lsm-smack = "\
+ file://bluetooth.service.conf \
+"
+
+FILES_${PN}_append = " ${systemd_unitdir}"
+
+do_install_append_with-lsm-smack() {
+ install -Dm0644 ${WORKDIR}/bluetooth.service.conf ${D}${systemd_unitdir}/system/bluetooth.service.d/smack.conf
+}