summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-security/security-manager/security-manager.inc
diff options
context:
space:
mode:
authorJan-Simon Möller <jsmoeller@linuxfoundation.org>2018-02-14 10:55:35 +0100
committerJan-Simon Möller <jsmoeller@linuxfoundation.org>2018-02-14 10:55:35 +0100
commit317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch)
treebf2b27dc9068924b59b46d2e153936c77be954c3 /meta-security/recipes-security/security-manager/security-manager.inc
parentb6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff)
parentc9ce37905acd879db107eafe309678053073e086 (diff)
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits) Update ulcb conf file Remove unsed gstreamer backport [GEN3] add preferred version on omx package run-(agl-)postinst: Emit progress to console meta-security: Remove unused content Upgrade wayland-ivi-extension Revert "Fix kernel gcc7 issue" remove backport commit Revert "Fix CVE-2017-1000364 by backporting the patches for gen3" Remove fix for optee-os Remove gcc 6 fix Update rcar gen3 kernel bbappend version Update rcar gen3 driver Remove porter machine dbus-cynara: Upgrade to 1.10.20 xmlsec1: switch to meta-security version systemd: earlier smack label switch cynara: upgrade to 0.14.10 Remove smack recipe Integrate parts of meta-intel-iot-security ... Bug-AGL: SPEC-1181 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> Conflicts: meta-app-framework/recipes-security/cynara/cynara_git.bbappend Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-security/recipes-security/security-manager/security-manager.inc')
-rw-r--r--meta-security/recipes-security/security-manager/security-manager.inc98
1 files changed, 98 insertions, 0 deletions
diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc
new file mode 100644
index 000000000..ee749a8fb
--- /dev/null
+++ b/meta-security/recipes-security/security-manager/security-manager.inc
@@ -0,0 +1,98 @@
+DESCRIPTION = "Security manager and utilities"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3"
+
+inherit cmake
+
+# Out-of-tree build is broken ("sqlite3 .security-manager.db <db.sql" where db.sql is in $S/db).
+B = "${S}"
+
+DEPENDS = " \
+attr \
+boost \
+cynara \
+icu \
+libcap \
+smack \
+sqlite3 \
+sqlite3-native \
+systemd \
+"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
+
+TZ_SYS_DB = "/var/db/security-manager"
+
+EXTRA_OECMAKE = " \
+-DCMAKE_VERBOSE_MAKEFILE=ON \
+-DVERSION=${PV} \
+-DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
+-DBIN_INSTALL_DIR=${bindir} \
+-DDB_INSTALL_DIR=${TZ_SYS_DB} \
+-DLIB_INSTALL_DIR=${libdir} \
+-DSHARE_INSTALL_PREFIX=${datadir} \
+-DINCLUDE_INSTALL_DIR=${includedir} \
+"
+
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "security-manager.service"
+
+inherit distro_features_check
+REQUIRED_DISTRO_FEATURES += "smack"
+
+# The upstream source code contains the Tizen-specific policy configuration files.
+# To replace them, create a security-manager.bbappend and set the following variable to a
+# space-separated list of policy file names (not URIs!), for example:
+# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile"
+#
+# Leave it empty to use the upstream Tizen policy.
+SECURITY_MANAGER_POLICY ?= ""
+SRC_URI_append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}"
+python do_patch_append () {
+ import os
+ import shutil
+ import glob
+ files = d.getVar('SECURITY_MANAGER_POLICY', True).split()
+ if files:
+ s = d.getVar('S', True)
+ workdir = d.getVar('WORKDIR', True)
+ for pattern in ['*.profile', '*.list']:
+ for old_file in glob.glob(s + '/policy/' + pattern):
+ os.unlink(old_file)
+ for file in files:
+ shutil.copy(file, s + '/policy')
+}
+
+do_install_append () {
+ install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants
+ ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service
+ install -d ${D}/${systemd_unitdir}/system/sockets.target.wants
+ ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
+}
+
+RDEPENDS_${PN} += "smack"
+pkg_postinst_${PN} () {
+ set -e
+ chsmack -a System $D${TZ_SYS_DB}/.security-manager.db
+ chsmack -a System $D${TZ_SYS_DB}/.security-manager.db-journal
+}
+
+FILES_${PN} += " \
+${systemd_unitdir} \
+${TZ_SYS_DB} \
+"
+
+PACKAGES =+ "${PN}-policy"
+FILES_${PN}-policy = " \
+ ${datadir}/${PN} \
+ ${bindir}/security-manager-policy-reload \
+"
+RDEPENDS_${PN}-policy += "sqlite3 cynara"
+pkg_postinst_${PN}-policy () {
+ if [ x"$D" = "x" ] && ${bindir}/security-manager-policy-reload; then
+ exit 0
+ else
+ exit 1
+ fi
+}