aboutsummaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-core/af-main
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2016-10-14 13:25:07 +0200
committerStephane Desneux <stephane.desneux@iot.bzh>2017-03-27 15:33:39 +0200
commite991cf3a068e936f4a49a9dd4973c52a64bc4ac2 (patch)
tree2067355091742ffd1b45194b3f5701228bcbef1c /meta-app-framework/recipes-core/af-main
parent7c78310bbf21d3e94e673434df393d669c4ef882 (diff)
FWK: Adaptations for jethro
Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. It also includes evolutions of the security model to be synchronized with the deletion of 'User'. The recommended version to use now is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285. Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-core/af-main')
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.bb20
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.inc2
2 files changed, 17 insertions, 5 deletions
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
index 75cdcc3ef..d8d7af46f 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
@@ -52,18 +52,30 @@ do_install_append() {
fi
}
+do_install_append_smack () {
+ install -d ${D}/${sysconfdir}/smack/accesses.d
+ cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF
+System User::App-Shared rwxat
+System User::Home rwxat
+EOF
+ chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user
+ install -d ${D}/${sysconfdir}/skel/app-data
+ chsmack -a 'User::Home' -t -D ${D}/${sysconfdir}/skel
+ chsmack -a 'User::App-Shared' -D ${D}/${sysconfdir}/skel/app-data
+}
+
pkg_postinst_${PN}() {
mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
- setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
pkg_postinst_${PN}_smack() {
mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
- setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
index aff685f0d..880654e8c 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
@@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \
${SRC_URI_files} \
"
-SRCREV = "970a20a55d3a7dba32360ce596e61a2b32c9f4ee"
+SRCREV = "c31038db1cff938d7fa1f12f757c1c57ab51c0bd"
S = "${WORKDIR}/git"