SPEC-3723: restructure meta-agl

Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time.
Trim dependencies and move most 'demo' related recipes to meta-agl-demo.

v2: changed to bbapend + .inc , added description
v3: testbuild of all images
v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups.
v5: rebased
v6: merged meta-agl-distro into meta-agl-core,
    due to dependency on meta-oe, moved -test packagegroup and -qa images
      to own layer meta-agl-core-test
v7: Fixed comments from Paul Barker
v8: Update the markdown files
v9: restore wayland/weston/agl-compositor recipes/appends, reworked to
    move app f/w specific changes to bbappends in meta-app-framework and
    only demo specific weston-init changes to meta-agl-demo
v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend

Description:

This patch is part 1 out of 2 large patches that implement the layer rework
discussed during the previous workshop. Essentially meta-agl-core is the
small but versatile new core layer of AGL serving as basis for
the work done by the IC and IVI EGs.
All demo related work is moved to meta-agl-demo in the 2nd patchset.
This should be applied together as atomic change.

The resulting meta-agl/* follows these guidelines:
- only bsp adaptations in meta-agl-bsp
- remove the agl-profile-* layers for simplicity
-- the packagegroup-agl(-profile)-graphical and so on
   have been kept in meta-agl-demo
- meta-agl-profile-core is now meta-agl-core
- meta-agl-core does pass yocto-check-layer
-- therefore use the bbappend + conditional + .inc file
   construct found in meta-virtualization
- meta-agl/meta-security has been merged into meta-agl/meta-app-framework
- meta-netboot does pass yocto-check-layer
- meta-pipewire does pass yocto-check-layer

Migration:
All packagegroups are preserved but they're now enabled by 'agl-demo'.

Bug-AGL: SPEC-3723

Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769

1 files changed, 117 insertions, 0 deletions

diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
new file mode 100644
index 000000000..d79345e01
--- /dev/null
+++ b/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
@@ -0,0 +1,117 @@
+From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
+From: Alejandro Joya <alejandro.joya.cruz@intel.com>
+Date: Wed, 4 Nov 2015 19:01:35 -0600
+Subject: [PATCH 03/14] Smack-rules: create two new functions
+
+It let to smack-rules to create multiple set of rules
+related with the privileges.
+
+It runs from the same bases than for a static set of rules on the
+template, but let you add 1 or many templates for different cases.
+
+Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
+Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
+---
+ src/common/include/smack-rules.h | 15 +++++++++++
+ src/common/smack-rules.cpp       | 44 ++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+)
+
+diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
+index 91446a7..3ad9dd4 100644
+--- a/src/common/include/smack-rules.h
++++ b/src/common/include/smack-rules.h
+@@ -47,6 +47,8 @@ public:
+     void addFromTemplate(const std::vector<std::string> &templateRules,
+         const std::string &appId, const std::string &pkgId);
+     void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
++    void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
++	const std::string &path);
+ 
+     void apply() const;
+     void clear() const;
+@@ -74,6 +76,19 @@ public:
+      */
+     static void installApplicationRules(const std::string &appId, const std::string &pkgId,
+         const std::vector<std::string> &pkgContents);
++    /**
++     * Install privileges-specific smack rules.
++     *
++     * Function creates smack rules using predefined template. Rules are applied
++     * to the kernel and saved on persistent storage so they are loaded on system boot.
++     *
++     * @param[in] appId - application id that is beeing installed
++     * @param[in] pkgId - package id that the application is in
++     * @param[in] pkgContents - a list of all applications in the package
++     * @param[in] privileges - a list of all prvileges
++     */
++    static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
++        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
+     /**
+      * Uninstall package-specific smack rules.
+      *
+diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
+index 3629e0f..922a56f 100644
+--- a/src/common/smack-rules.cpp
++++ b/src/common/smack-rules.cpp
+@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
+     }
+ }
+ 
++void SmackRules::addFromTemplateFile(const std::string &appId,
++        const std::string &pkgId, const std::string &path)
++{
++    std::vector<std::string> templateRules;
++    std::string line;
++    std::ifstream templateRulesFile(path);
++
++    if (!templateRulesFile.is_open()) {
++        LogError("Cannot open rules template file: " << path);
++        ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
++    }
++
++    while (std::getline(templateRulesFile, line)) {
++        templateRules.push_back(line);
++    }
++
++    if (templateRulesFile.bad()) {
++        LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
++        ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
++    }
++
++    addFromTemplate(templateRules, appId, pkgId);
++}
+ 
+ void SmackRules::addFromTemplateFile(const std::string &appId,
+         const std::string &pkgId)
+@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
+     std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
+     return path;
+ }
++void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
++        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
++{
++    SmackRules smackRules;
++    std::string appPath = getApplicationRulesFilePath(appId);
++    smackRules.loadFromFile(appPath);
++    struct stat buffer;
++    for (auto privilege : privileges) {
++        if (privilege.empty())
++            continue;
++        std::string fprivilege ( privilege + "-template.smack");
++        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
++        if( stat(path.c_str(), &buffer) == 0)
++            smackRules.addFromTemplateFile(appId, pkgId, path);
++    }
++
++    if (smack_smackfs_path() != NULL)
++        smackRules.apply();
+ 
++    smackRules.saveToFile(appPath);
++    updatePackageRules(pkgId, pkgContents);
++}
+ void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
+         const std::vector<std::string> &pkgContents)
+ {
+-- 
+2.21.0
+