summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-core
diff options
context:
space:
mode:
authorStephane Desneux <stephane.desneux@iot.bzh>2017-03-27 16:44:59 +0200
committerStephane Desneux <stephane.desneux@iot.bzh>2017-03-27 16:46:17 +0200
commit7fcf42ba21c2a00a60f32140924fefc3cc39ad28 (patch)
tree49b2eaa11dd2c241dd7fe77b74b7ced1ac1d1d81 /meta-app-framework/recipes-core
parent5875cc45a671b1a3e7671ec84ec6ebb1ab17696a (diff)
parent976e5d5e866d4099e55a50e0fa8d898ea36ad371 (diff)
Merge: migrate appfw from meta-agl-extra
Change-Id: Ic56b86228bb748a54352e79acadf0da1c947be76 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
Diffstat (limited to 'meta-app-framework/recipes-core')
-rw-r--r--meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb78
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch29
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch12
-rwxr-xr-xmeta-app-framework/recipes-core/af-main/af-main/afm-install44
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.bb106
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.inc26
-rw-r--r--meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb26
-rw-r--r--meta-app-framework/recipes-core/base-files/base-files_%.bbappend22
-rw-r--r--meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend2
-rw-r--r--meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb16
-rw-r--r--meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb20
-rw-r--r--meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend9
-rw-r--r--meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend3
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch50
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch40
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch38
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch196
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service15
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh6
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend22
-rwxr-xr-xmeta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime2
-rw-r--r--meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml13
-rw-r--r--meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml13
-rw-r--r--meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb34
24 files changed, 822 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb
new file mode 100644
index 000000000..2ecb2aa94
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb
@@ -0,0 +1,78 @@
+SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support"
+DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \
+interface to various automotive-oriented bindings, \
+allowing HTML5 UIs to send platform-specific requests in a secure way."
+HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+DEPENDS = "file json-c libmicrohttpd systemd util-linux openssl"
+
+SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=master"
+SRC_URI_files = ""
+SRC_URI = "${SRC_URI_git} \
+ ${SRC_URI_files} \
+ "
+
+SRCREV = "e85e5d8ffe242f826b5f98e2834407b5d4c46690"
+S = "${WORKDIR}/git"
+
+inherit cmake pkgconfig
+
+FILES_${PN} += "${datadir}"
+
+pkg_postinst_${PN}() {
+ mkdir -p "$D${libdir}/afb"
+}
+
+#############################################
+# setup meta package
+#############################################
+PACKAGES += "${PN}-meta"
+ALLOW_EMPTY_${PN}-meta = "1"
+
+#############################################
+# setup sample binding packages
+#############################################
+PACKAGES_DYNAMIC = "${PN}-binding-*"
+
+python populate_packages_prepend () {
+ afb_libdir = d.expand('${libdir}/afb')
+ postinst = d.getVar('binding_postinst', True)
+ pkgs = []
+ pkgs_dbg = []
+
+ pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}'))
+ pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}'))
+
+ pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}'))
+ pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}'))
+
+ metapkg = d.getVar('PN', True) + '-meta'
+ d.setVar('RDEPENDS_' + metapkg, ' '.join(pkgs))
+}
+
+#############################################
+# setup libafbwsc package
+#############################################
+PACKAGES =+ "libafbwsc libafbwsc-dev libafbwsc-dbg"
+
+FILES_libafbwsc = "\
+ ${libdir}/libafbwsc.so.* \
+"
+FILES_libafbwsc-dev = "\
+ ${includedir}/afb/afb-wsj1.h \
+ ${includedir}/afb/afb-ws-client.h \
+ ${bindir}/afb-client-demo \
+ ${libdir}/libafbwsc.so \
+ ${libdir}/pkgconfig/libafbwsc.pc \
+"
+FILES_libafbwsc-dbg = "\
+ ${libdir}/.debug/libafbwsc.so.* \
+ ${bindir}/.debug/afb-client-demo \
+"
+RDEPENDS_libafbwsc-dbg += "${PN}-dbg libafbwsc-dev"
+
+RDEPENDS_${PN}-dev += "libafbwsc-dev"
+
diff --git a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
new file mode 100644
index 000000000..44e8bce1e
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
@@ -0,0 +1,29 @@
+From a4fbfb88f1b7c4f4287d9279767220fae80d26da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Thu, 21 Jan 2016 15:07:29 +0100
+Subject: [PATCH] Hack to allow the debugging
+
+This is a temporarily fix to continue debugging
+afm-main. This should be removed later.
+
+Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa
+---
+ conf/afm-user-daemon.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/conf/afm-user-daemon.conf b/conf/afm-user-daemon.conf
+index 801c7ae..98a3152 100644
+--- a/conf/afm-user-daemon.conf
++++ b/conf/afm-user-daemon.conf
+@@ -25,7 +25,7 @@
+ </policy>
+
+ <policy context="default">
+- <deny own="org.AGL.afm.user"/>
++ <allow own="org.AGL.afm.user"/>
+ <allow send_destination="org.AGL.afm.system"/>
+ </policy>
+
+--
+2.1.4
+
diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch
new file mode 100644
index 000000000..c92415b80
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch
@@ -0,0 +1,12 @@
+diff --git a/conf/afm-unit.conf b/conf/afm-unit.conf
+index 82113ef..2fbc9e2 100644
+--- a/conf/afm-unit.conf
++++ b/conf/afm-unit.conf
+@@ -127,6 +127,7 @@ SuccessExitStatus=0 SIGKILL
+ WorkingDirectory=-{{&#metadata.app-data-dir}}/{{id}}
+ ExecStartPre=/bin/mkdir -p {{&#metadata.app-data-dir}}/{{id}}
+ Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
++Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell
+
+ %systemd-unit user
+ {{#required-permission.urn:AGL:permission::public:hidden}}\
diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install
new file mode 100755
index 000000000..6d37baed8
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main/afm-install
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+pretty() {
+ sed \
+ -e '/^method return .*/d' \
+ -e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \
+ -e 's/^ string "\(.*\)"/\1/' \
+ -e 's/},/&\n/'
+}
+
+send() {
+ dbus-send --system --print-reply \
+ --dest=org.AGL.afm.system \
+ /org/AGL/afm/system \
+ org.AGL.afm.system.$1 \
+ "string:$2" |
+ pretty
+}
+
+case "$1" in
+
+ add|install)
+ f=$(realpath $2)
+ send install '{"wgt":"'"$f"'","force":true}'
+ ;;
+
+ -h|--help|help)
+ cat << EOC
+
+The commands are:
+
+ add wgt
+ install wgt install the wgt file
+
+EOC
+ ;;
+
+ *)
+ echo "unknown command $1" >&2
+ exit 1
+ ;;
+esac
+
+
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
new file mode 100644
index 000000000..3c1b692f3
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
@@ -0,0 +1,106 @@
+require af-main_${PV}.inc
+
+# NOTE: using libcap-native and setcap in install doesn't work
+# NOTE: there is no SYSTEMD_USER_SERVICE_...
+# NOTE: maybe setting afm_name to agl-framework is cleaner but has implications
+# NOTE: there is a hack of security for using groups and dbus (to be checked)
+# NOTE: using ZIP programs creates directories with mode 777 (very bad)
+
+inherit cmake pkgconfig useradd systemd
+BBCLASSEXTEND = "native"
+
+SECTION = "base"
+
+DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager libcap-native af-binder"
+DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c"
+
+EXTRA_OECMAKE_class-native = "\
+ -DUSE_LIBZIP=1 \
+ -DUSE_SIMULATION=1 \
+ -DUSE_SDK=1 \
+ -Dafm_name=${afm_name} \
+ -Dafm_confdir=${afm_confdir} \
+ -Dafm_datadir=${afm_datadir} \
+"
+
+EXTRA_OECMAKE = "\
+ -DUSE_LIBZIP=1 \
+ -DUSE_SIMULATION=0 \
+ -DUSE_SDK=0 \
+ -Dafm_name=${afm_name} \
+ -Dafm_confdir=${afm_confdir} \
+ -Dafm_datadir=${afm_datadir} \
+ -Dsystemd_units_root=${systemd_units_root} \
+ -DUNITDIR_USER=${systemd_user_unitdir} \
+ -DUNITDIR_SYSTEM=${systemd_system_unitdir} \
+"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}"
+GROUPADD_PARAM_${PN} = "-r ${afm_name}"
+
+SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service"
+SYSTEMD_AUTO_ENABLE = "enable"
+
+FILES_${PN} += "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \
+"
+RDEPENDS_${PN}_append_smack = " smack-userspace"
+DEPENDS_append_smack = " smack-userspace-native"
+
+# short hacks here
+SRC_URI += "\
+ file://Hack-to-allow-the-debugging.patch \
+"
+
+# tools used to install wgt at first boot
+SRC_URI += "\
+ file://afm-install \
+ file://add-qt-wayland-shell-integration.patch \
+"
+
+do_install_append() {
+ install -d ${D}${bindir}
+ install -d -m 0775 ${D}${systemd_units_root}/{system,user}
+ install -d -m 0775 ${D}${systemd_units_root}/{system,user}/default.target.wants
+ install -d ${D}${afm_datadir}/{applications,icons}
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ mkdir -p ${D}${sysconfdir}/systemd/{system,user}/default.target.wants
+ ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants
+ fi
+ install -m 0755 ${WORKDIR}/afm-install ${D}${bindir}
+}
+
+do_install_append_qemux86-64() {
+ sed -i -e '/LD_PRELOAD=\/usr\/lib\/libEGL.so/d' ${D}${systemd_user_unitdir}/afm-user-daemon.service
+}
+
+pkg_postinst_${PN}() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.}
+ fi
+ chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.}
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
+}
+
+pkg_postinst_${PN}_smack() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.}
+ chsmack -a 'System::Shared' -t $D${systemd_units_root}/{system,user}/{default.target.wants,.}
+ fi
+ chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.}
+ chsmack -a 'System::Shared' -t $D${afm_datadir}/{applications,icons,.}
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
+}
+FILES_${PN} += " ${systemd_units_root} "
+
+PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
+FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
+FILES_${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so "
+
+PACKAGES =+ "${PN}-tools ${PN}-tools-dbg"
+FILES_${PN}-tools = "${bindir}/wgtpkg-*"
+FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
+
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
new file mode 100644
index 000000000..6ce87ed71
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
@@ -0,0 +1,26 @@
+SUMMARY = "AGL Framework Main part"
+DESCRIPTION = "\
+This is a core framework component for managing \
+applications, widgets, and components. \
+"
+
+HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master"
+SRC_URI_files = ""
+SRC_URI = "${SRC_URI_git} \
+ ${SRC_URI_files} \
+ "
+
+SRCREV = "255c83029f56e8d90e7ce185b007c4ca65afec1e"
+
+S = "${WORKDIR}/git"
+
+afm_name = "afm"
+afm_confdir = "${sysconfdir}/${afm_name}"
+afm_datadir = "/var/local/lib/${afm_name}"
+afb_binding_dir = "${libdir}/afb"
+systemd_units_root = "/usr/local/lib/systemd"
+
diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb
new file mode 100644
index 000000000..8d044345f
--- /dev/null
+++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb
@@ -0,0 +1,26 @@
+require af-main_${PV}.inc
+
+inherit nativesdk cmake pkgconfig
+
+SECTION = "base"
+
+DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c"
+
+EXTRA_OECMAKE = "\
+ -DUSE_LIBZIP=1 \
+ -DUSE_SIMULATION=1 \
+ -DUSE_SDK=1 \
+ -Dafm_name=${afm_name} \
+ -Dafm_confdir=${afm_confdir} \
+ -Dafm_datadir=${afm_datadir} \
+"
+
+do_install_append() {
+ # remove unused .pc file we don't want to package
+ rm -rf ${D}/${libdir}
+}
+
+PACKAGES = "${PN}-tools ${PN}-tools-dbg"
+FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*"
+FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
+
diff --git a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
new file mode 100644
index 000000000..7e12bc829
--- /dev/null
+++ b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
@@ -0,0 +1,22 @@
+DEPENDS_append_smack = " smack-userspace-native"
+RDEPENDS_${PN}_append_smack = " smack-userspace"
+
+do_install_append() {
+ install -d ${D}/${sysconfdir}/skel/app-data
+ install -d ${D}/${sysconfdir}/skel/.config
+}
+
+do_install_append_smack () {
+ install -d ${D}/${sysconfdir}/smack/accesses.d
+ cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF
+System User::App-Shared rwxat
+System User::Home rwxat
+EOF
+ chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user
+}
+
+pkg_postinst_${PN}_append_smack() {
+ chsmack -r -a 'User::Home' -t -D $D/${sysconfdir}/skel
+ chsmack -a 'User::App-Shared' -D $D/${sysconfdir}/skel/app-data
+}
+
diff --git a/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend
new file mode 100644
index 000000000..ca0b54f73
--- /dev/null
+++ b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend
@@ -0,0 +1,2 @@
+RDEPENDS_${PN} =+ "nativesdk-af-main-tools"
+
diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb
new file mode 100644
index 000000000..e95b7548b
--- /dev/null
+++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb
@@ -0,0 +1,16 @@
+SUMMARY = "AGL Application Framework examples"
+DESCRIPTION = "The set of examples associated to the AGL Application Framework"
+LICENSE = "MIT"
+
+inherit packagegroup
+
+PACKAGES = "\
+ packagegroup-agl-app-framework-examples \
+ "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} += "\
+ afm-client \
+ afb-client \
+ "
diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb
new file mode 100644
index 000000000..0fdaabc91
--- /dev/null
+++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb
@@ -0,0 +1,20 @@
+SUMMARY = "AGL Application Framework core packages"
+DESCRIPTION = "The set of packages required by the AGL Application Framework"
+LICENSE = "MIT"
+
+inherit packagegroup
+
+PACKAGES = "\
+ packagegroup-agl-app-framework \
+ "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} += "\
+ af-binder \
+ af-binder-binding-afb-dbus-binding \
+ af-binder-binding-authlogin \
+ libafbwsc \
+ af-main \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'webruntime', 'virtual/webruntime', '', d)} \
+ "
diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend
new file mode 100644
index 000000000..0c9efe465
--- /dev/null
+++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend
@@ -0,0 +1,9 @@
+RDEPENDS_${PN} += "\
+ xmlsec1 \
+ cynara \
+ dbus-cynara \
+ security-manager \
+ security-manager-policy \
+ agl-users \
+ "
+
diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend
new file mode 100644
index 000000000..ad09e5ddf
--- /dev/null
+++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend
@@ -0,0 +1,3 @@
+RDEPENDS_${PN} += "\
+ packagegroup-agl-app-framework \
+ "
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
new file mode 100644
index 000000000..4c91f7fa3
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
@@ -0,0 +1,50 @@
+From 935e4e4e746b5ffcda80c80097dc75c2581c1a89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Wed, 19 Oct 2016 13:45:54 +0200
+Subject: [PATCH] Adapt rules to AGL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git
+as basis for the integration of security framework. The security framework
+that it provides is an evolution of the security framework of tizen refited
+to the distribution Ostro of Intel. This refit took the decision to simplify
+the model by removing the running label "User". More can be viewed here:
+https://github.com/01org/meta-intel-iot-security/pull/116
+
+This commits adapt the template to the rules that are now needed
+after this evolution.
+
+It also integrates one other evolutions: the shared label becomes User::App-Shared instead
+of User::App::Shared to avoid collision with application of id "Shared".
+
+Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ policy/app-rules-template.smack | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
+index 1311169..b4cd2e3 100644
+--- a/policy/app-rules-template.smack
++++ b/policy/app-rules-template.smack
+@@ -1,12 +1,10 @@
+-System ~APP~ rwx
++System ~APP~ rwxa
++System ~PKG~ rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rx
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+-User ~APP~ rwxa
+-User ~PKG~ rwxat
+-~APP~ User wx
+ ~APP~ User::Home rxl
+-~APP~ User::App::Shared rwxat
++~APP~ User::App-Shared rwxat
+ ~APP~ ~PKG~ rwxat
+--
+2.7.4
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
new file mode 100644
index 000000000..43a3ee103
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
@@ -0,0 +1,40 @@
+From 19c99315a5dcba3b696c30d1fdd42a1dcd574a80 Mon Sep 17 00:00:00 2001
+From: Ronan <ronan.lemartret@iot.bzh>
+Date: Thu, 13 Oct 2016 11:37:47 +0200
+Subject: [PATCH] Fix Cmake conf for gcc6 build
+
+Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
+---
+ src/cmd/CMakeLists.txt | 4 +---
+ src/server/CMakeLists.txt | 1 -
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
+index ee9a160..aa7a12c 100644
+--- a/src/cmd/CMakeLists.txt
++++ b/src/cmd/CMakeLists.txt
+@@ -1,8 +1,6 @@
+ FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options)
+
+-INCLUDE_DIRECTORIES(SYSTEM
+- ${Boost_INCLUDE_DIRS}
+- )
++
+
+ INCLUDE_DIRECTORIES(
+ ${INCLUDE_PATH}
+diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
+index 753eb96..8eef25d 100644
+--- a/src/server/CMakeLists.txt
++++ b/src/server/CMakeLists.txt
+@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
+
+ INCLUDE_DIRECTORIES(SYSTEM
+ ${SERVER_DEP_INCLUDE_DIRS}
+- ${Boost_INCLUDE_DIRS}
+ ${Threads_INCLUDE_DIRS}
+ )
+
+--
+2.6.6
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
new file mode 100644
index 000000000..1b3c8c427
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
@@ -0,0 +1,38 @@
+From cb9acc2b723b297ee373bf814282711f02657aa5 Mon Sep 17 00:00:00 2001
+From: Ronan <ronan.lemartret@iot.bzh>
+Date: Wed, 12 Oct 2016 17:48:55 +0200
+Subject: [PATCH] Fix gcc6 build
+
+Signed-off-by: ronan <ronan@ot.bzh>
+---
+ src/client/client-security-manager.cpp | 1 +
+ src/common/include/privilege_db.h | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
+index 74a6b30..347cddd 100644
+--- a/src/client/client-security-manager.cpp
++++ b/src/client/client-security-manager.cpp
+@@ -46,6 +46,7 @@
+ #include <service_impl.h>
+ #include <security-manager.h>
+ #include <client-offline.h>
++#include <linux/xattr.h>
+
+ static const char *EMPTY = "";
+
+diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
+index 03c6680..8dd39a1 100644
+--- a/src/common/include/privilege_db.h
++++ b/src/common/include/privilege_db.h
+@@ -32,6 +32,7 @@
+ #include <map>
+ #include <stdbool.h>
+ #include <string>
++#include <vector>
+
+ #include <dpl/db/sql_connection.h>
+
+--
+2.6.6
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
new file mode 100644
index 000000000..4830db2a8
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
@@ -0,0 +1,196 @@
+From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Mon, 16 Nov 2015 14:26:25 +0100
+Subject: [PATCH] Removing tizen-platform-config
+
+Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
+---
+ policy/security-manager-policy-reload | 2 +-
+ src/common/file-lock.cpp | 4 +---
+ src/common/include/file-lock.h | 1 -
+ src/common/include/privilege_db.h | 3 +--
+ src/common/service_impl.cpp | 39 +++++++++++------------------------
+ src/common/smack-rules.cpp | 12 ++++-------
+ 6 files changed, 19 insertions(+), 42 deletions(-)
+
+diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
+index 6f211c6..ed8047a 100755
+--- a/policy/security-manager-policy-reload
++++ b/policy/security-manager-policy-reload
+@@ -2,7 +2,7 @@
+
+ POLICY_PATH=/usr/share/security-manager/policy
+ PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
+-DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
++DB_FILE=/var/db/security-manager/.security-manager.db
+
+ # Create default buckets
+ while read bucket default_policy
+diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
+index 6f3996c..1dada17 100644
+--- a/src/common/file-lock.cpp
++++ b/src/common/file-lock.cpp
+@@ -30,9 +30,7 @@
+
+ namespace SecurityManager {
+
+-char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
+- "lock",
+- "security-manager.lock");
++char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock";
+
+ FileLocker::FileLocker(const std::string &lockFile, bool blocking)
+ {
+diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
+index 604b019..21a86a0 100644
+--- a/src/common/include/file-lock.h
++++ b/src/common/include/file-lock.h
+@@ -29,7 +29,6 @@
+
+ #include <dpl/exception.h>
+ #include <dpl/noncopyable.h>
+-#include <tzplatform_config.h>
+
+ namespace SecurityManager {
+
+diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
+index 4d73d90..03c6680 100644
+--- a/src/common/include/privilege_db.h
++++ b/src/common/include/privilege_db.h
+@@ -34,14 +34,13 @@
+ #include <string>
+
+ #include <dpl/db/sql_connection.h>
+-#include <tzplatform_config.h>
+
+ #ifndef PRIVILEGE_DB_H_
+ #define PRIVILEGE_DB_H_
+
+ namespace SecurityManager {
+
+-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
++const char *const PRIVILEGE_DB_PATH = "/var/db/security-manager/.security-manager.db";
+
+ enum class QueryType {
+ EGetPkgPrivileges,
+diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
+index ae305d3..65cc8b5 100644
+--- a/src/common/service_impl.cpp
++++ b/src/common/service_impl.cpp
+@@ -32,7 +32,6 @@
+ #include <algorithm>
+
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+
+ #include "protocols.h"
+ #include "privilege_db.h"
+@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
+
+ static uid_t getGlobalUserId(void)
+ {
+- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
++ static uid_t globaluid = 0;
++ if (!globaluid) {
++ struct passwd pw, *p;
++ char buf[4096];
++ int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p);
++ globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
++ }
+ return globaluid;
+ }
+
+@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
+
+ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
+ {
+- struct tzplatform_context *tz_ctx = nullptr;
+-
+- if (tzplatform_context_create(&tz_ctx))
+- return false;
+-
+- if (tzplatform_context_set_user(tz_ctx, uid)) {
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
++ struct passwd pw, *p;
++ char buf[4096];
++ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
++ if (rc || p == NULL)
+ return false;
+- }
+-
+- enum tzplatform_variable id =
+- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
+- const char *appDir = tzplatform_context_getenv(tz_ctx, id);
+- if (!appDir) {
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
+- return false;
+- }
+-
+- userAppDir = appDir;
+-
+- tzplatform_context_destroy(tz_ctx);
+- tz_ctx = nullptr;
+-
++ userAppDir = p->pw_dir;
+ return true;
+ }
+
+ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
+ {
+- std::string userHome;
+ std::string userAppDir;
+ std::stringstream correctPath;
+
+diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
+index d834e42..8b5728b 100644
+--- a/src/common/smack-rules.cpp
++++ b/src/common/smack-rules.cpp
+@@ -34,7 +34,6 @@
+ #include <memory>
+
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+
+ #include "smack-labels.h"
+ #include "smack-rules.h"
+@@ -43,7 +42,7 @@ namespace SecurityManager {
+
+ const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~";
+ const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~";
+-const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
++const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack";
+ const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat";
+
+ SmackRules::SmackRules()
+@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
+
+ std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
+ {
+- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
+- return path;
++ return "/etc/smack/accesses.d/pkg_" + pkgId;
+ }
+
+ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
+ {
+- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
+- return path;
++ return "/etc/smack/accesses.d/app_" + appId;
+ }
+ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
+@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
+ for (auto privilege : privileges) {
+ if (privilege.empty())
+ continue;
+- std::string fprivilege ( privilege + "-template.smack");
+- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
++ std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack";
+ if( stat(path.c_str(), &buffer) == 0)
+ smackRules.addFromTemplateFile(appId, pkgId, path);
+ }
+--
+2.1.4
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
new file mode 100644
index 000000000..8ed5e8601
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
@@ -0,0 +1,15 @@
+#
+# Install security-manager DB to /var
+
+[Unit]
+Description=Install Security Manager database
+After=sysinit.target
+Before=security-manager.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/bin/init-security-manager-db.sh
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
new file mode 100644
index 000000000..ef41286c8
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ ! -e "/var/db/security-manager" ]; then
+ mkdir -p /var/db
+ cp -ra /usr/dbspace/ /var/db/security-manager
+fi
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
new file mode 100644
index 000000000..23ceb2937
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
@@ -0,0 +1,22 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
+
+SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \
+ file://init-security-manager-db.service \
+ file://init-security-manager-db.sh \
+ file://0001-Fix-gcc6-build.patch \
+ file://0001-Fix-Cmake-conf-for-gcc6-build.patch \
+"
+
+FILES_${PN}_append = "${bindir}/init-security-manager-db.sh \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/init-security-manager-db.service', '', d)} \
+"
+
+do_install_append () {
+ install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ mkdir -p ${D}${systemd_unitdir}/system
+ mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants
+ install -m 644 -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service
+ ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants
+ fi
+}
diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime
new file mode 100755
index 000000000..ca712e155
--- /dev/null
+++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/qt5/qmlscene "$1" /usr/bin/web-runtime-webkit.qml
diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml
new file mode 100644
index 000000000..d18b672cd
--- /dev/null
+++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml
@@ -0,0 +1,13 @@
+import QtQuick 2.1
+import QtQuick.Controls 1.1
+import QtWebKit 3.0
+
+ApplicationWindow {
+ width: 1024
+ height: 768
+ visible: true
+ WebView {
+ url: Qt.application.arguments[1]
+ anchors.fill: parent
+ }
+}
diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml
new file mode 100644
index 000000000..afe8a77d0
--- /dev/null
+++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml
@@ -0,0 +1,13 @@
+import QtQuick 2.1
+import QtQuick.Controls 1.1
+import QtWebEngine 1.1
+
+ApplicationWindow {
+ width: 1024
+ height: 768
+ visible: true
+ WebEngineView {
+ url: Qt.application.arguments[1]
+ anchors.fill: parent
+ }
+}
diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb
new file mode 100644
index 000000000..fa149875c
--- /dev/null
+++ b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb
@@ -0,0 +1,34 @@
+inherit allarch
+
+SUMMARY = "Provides the 'web-runtime' command"
+DESCRIPTION = "The command 'web-runtime' is an abstraction that allows to "
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "\
+ file://web-runtime;md5sum=6114c0bdd20290912a423fa01beb50f0 \
+ file://web-runtime.qml;md5sum=5d6a379e9b7e5654319e5ba638824a58 \
+ file://web-runtime-webkit.qml;md5sum=4daf9df39078634c27a7923d37e82e3d \
+"
+
+RDEPENDS_${PN} = "qtwebkit-qmlplugins"
+
+do_configure() {
+ :
+}
+
+do_install() {
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/web-runtime ${D}${bindir}/web-runtime
+ install -m 0644 ${WORKDIR}/web-runtime.qml ${D}${bindir}/web-runtime.qml
+ install -m 0644 ${WORKDIR}/web-runtime-webkit.qml ${D}${bindir}/web-runtime-webkit.qml
+}
+
+do_install_append_rcar-gen2() {
+ # workaround for porter board: force the use of libEGL provided by mesa at runtime
+ # otherwise, the proprietary libEGL is used and a problem then occurs due to a missing EGL function
+ sed -i 's|^\(exec /usr/bin/qt5/qmlscene\)|LD_PRELOAD=/usr/lib/libEGL.so \1|g' ${D}${bindir}/web-runtime
+}
+
+