connman+bluez5: Update rights for smack systems

Reading the file /etc/resolv.conf that is linked to /run/connman/resolv.conf is not possible for common users. This changes add the setting of the directory /run/connman that allows common applications to read that file. To achieves this goal, that changes use the intended tuning mechanism of systemd instead of using sed. This is cleaner. Thus this as been adapted for bluez5 too. Bug-AGL: SPEC-2006 Change-Id: I3d2a708be2a5c62664bfcf90757e9e5c080d6179 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh> 2018-12-12 14:27:48 +0100
committer: José Bollo <jose.bollo@iot.bzh> 2018-12-18 10:54:16 +0100
commit: d9d7eb20d17acde2f4e3826736ad45fa6d441837 (patch)
tree: 8c461440b3728eb37d1930c6e1bebdab921ff4b5 /meta-security/recipes-connectivity/connman/files
parent: c888e1c4dce2ee70521b7cf6e8ec8ec60a7aeea1 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/meta-security/recipes-connectivity/connman/files/connman.service.conf b/meta-security/recipes-connectivity/connman/files/connman.service.conf
new file mode 100644
index 000000000..6ebbf6ad1
--- /dev/null
+++ b/meta-security/recipes-connectivity/connman/files/connman.service.conf
@@ -0,0 +1,4 @@
+[Service]
+CapabilityBoundingSet=CAP_MAC_OVERRIDE
+ExecStartPre=+-/bin/mkdir -p /run/connman
+ExecStartPre=+-/usr/bin/chsmack -t -a System::Shared /run/connman
author	José Bollo <jose.bollo@iot.bzh>	2018-12-12 14:27:48 +0100
committer	José Bollo <jose.bollo@iot.bzh>	2018-12-18 10:54:16 +0100
commit	d9d7eb20d17acde2f4e3826736ad45fa6d441837 (patch)
tree	8c461440b3728eb37d1930c6e1bebdab921ff4b5 /meta-security/recipes-connectivity/connman/files
parent	c888e1c4dce2ee70521b7cf6e8ec8ec60a7aeea1 (diff)