diff options
| author |   Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
|---|---|---|
| committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
| commit | 317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch) | |
| tree | bf2b27dc9068924b59b46d2e153936c77be954c3 /meta-security/recipes-security/security-manager/security-manager.inc | |
| parent | b6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff) | |
| parent | c9ce37905acd879db107eafe309678053073e086 (diff) | |
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits)
Update ulcb conf file
Remove unsed gstreamer backport
[GEN3] add preferred version on omx package
run-(agl-)postinst: Emit progress to console
meta-security: Remove unused content
Upgrade wayland-ivi-extension
Revert "Fix kernel gcc7 issue"
remove backport commit
Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
Remove fix for optee-os
Remove gcc 6 fix
Update rcar gen3 kernel bbappend version
Update rcar gen3 driver
Remove porter machine
dbus-cynara: Upgrade to 1.10.20
xmlsec1: switch to meta-security version
systemd: earlier smack label switch
cynara: upgrade to 0.14.10
Remove smack recipe
Integrate parts of meta-intel-iot-security
...
Bug-AGL: SPEC-1181
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Conflicts:
meta-app-framework/recipes-security/cynara/cynara_git.bbappend
Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-security/recipes-security/security-manager/security-manager.inc')
| -rw-r--r-- | meta-security/recipes-security/security-manager/security-manager.inc | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc new file mode 100644 index 000000000..ee749a8fb --- /dev/null +++ b/meta-security/recipes-security/security-manager/security-manager.inc @@ -0,0 +1,98 @@ +DESCRIPTION = "Security manager and utilities" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3" + +inherit cmake + +# Out-of-tree build is broken ("sqlite3 .security-manager.db <db.sql" where db.sql is in $S/db). +B = "${S}" + +DEPENDS = " \ +attr \ +boost \ +cynara \ +icu \ +libcap \ +smack \ +sqlite3 \ +sqlite3-native \ +systemd \ +" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE" + +TZ_SYS_DB = "/var/db/security-manager" + +EXTRA_OECMAKE = " \ +-DCMAKE_VERBOSE_MAKEFILE=ON \ +-DVERSION=${PV} \ +-DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \ +-DBIN_INSTALL_DIR=${bindir} \ +-DDB_INSTALL_DIR=${TZ_SYS_DB} \ +-DLIB_INSTALL_DIR=${libdir} \ +-DSHARE_INSTALL_PREFIX=${datadir} \ +-DINCLUDE_INSTALL_DIR=${includedir} \ +" + +inherit systemd +SYSTEMD_SERVICE_${PN} = "security-manager.service" + +inherit distro_features_check +REQUIRED_DISTRO_FEATURES += "smack" + +# The upstream source code contains the Tizen-specific policy configuration files. +# To replace them, create a security-manager.bbappend and set the following variable to a +# space-separated list of policy file names (not URIs!), for example: +# SECURITY_MANAGER_POLICY = "privilege-group.list usertype-system.profile" +# +# Leave it empty to use the upstream Tizen policy. +SECURITY_MANAGER_POLICY ?= "" +SRC_URI_append = " ${@' '.join(['file://' + x for x in d.getVar('SECURITY_MANAGER_POLICY', True).split()])}" +python do_patch_append () { + import os + import shutil + import glob + files = d.getVar('SECURITY_MANAGER_POLICY', True).split() + if files: + s = d.getVar('S', True) + workdir = d.getVar('WORKDIR', True) + for pattern in ['*.profile', '*.list']: + for old_file in glob.glob(s + '/policy/' + pattern): + os.unlink(old_file) + for file in files: + shutil.copy(file, s + '/policy') +} + +do_install_append () { + install -d ${D}/${systemd_unitdir}/system/multi-user.target.wants + ln -s ../security-manager.service ${D}/${systemd_unitdir}/system/multi-user.target.wants/security-manager.service + install -d ${D}/${systemd_unitdir}/system/sockets.target.wants + ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket +} + +RDEPENDS_${PN} += "smack" +pkg_postinst_${PN} () { + set -e + chsmack -a System $D${TZ_SYS_DB}/.security-manager.db + chsmack -a System $D${TZ_SYS_DB}/.security-manager.db-journal +} + +FILES_${PN} += " \ +${systemd_unitdir} \ +${TZ_SYS_DB} \ +" + +PACKAGES =+ "${PN}-policy" +FILES_${PN}-policy = " \ + ${datadir}/${PN} \ + ${bindir}/security-manager-policy-reload \ +" +RDEPENDS_${PN}-policy += "sqlite3 cynara" +pkg_postinst_${PN}-policy () { + if [ x"$D" = "x" ] && ${bindir}/security-manager-policy-reload; then + exit 0 + else + exit 1 + fi +} |