Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD

* agl/sandbox/ronan/rocko: (58 commits)
  Update ulcb conf file
  Remove unsed gstreamer backport
  [GEN3] add preferred version on omx package
  run-(agl-)postinst: Emit progress to console
  meta-security: Remove unused content
  Upgrade wayland-ivi-extension
  Revert "Fix kernel gcc7 issue"
  remove backport commit
  Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
  Remove fix for optee-os
  Remove gcc 6 fix
  Update rcar gen3 kernel bbappend version
  Update rcar gen3 driver
  Remove porter machine
  dbus-cynara: Upgrade to 1.10.20
  xmlsec1: switch to meta-security version
  systemd: earlier smack label switch
  cynara: upgrade to 0.14.10
  Remove smack recipe
  Integrate parts of meta-intel-iot-security
  ...

Bug-AGL: SPEC-1181

Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>

Conflicts:
	meta-app-framework/recipes-security/cynara/cynara_git.bbappend

Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0

1 files changed, 34 insertions, 0 deletions

diff --git a/meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch b/meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch
new file mode 100644
index 000000000..d60096a15
--- /dev/null
+++ b/meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch
@@ -0,0 +1,34 @@
+From 19688cbe2ca10921a499f3fa265928dca54cf98d Mon Sep 17 00:00:00 2001
+From: Alejandro Joya <alejandro.joya.cruz@intel.com>
+Date: Wed, 4 Nov 2015 19:06:23 -0600
+Subject: [PATCH 2/2] app-install: implement multiple set of smack-rules
+
+If it's need it could create load multiple set of smack rules
+related with the privileges.
+It wouldn't affect the case that only the default set of rules is need it.
+
+Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
+---
+ src/common/service_impl.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
+index 7fd621c..ae305d3 100644
+--- a/src/common/service_impl.cpp
++++ b/src/common/service_impl.cpp
+@@ -338,6 +338,12 @@ int appInstall(const app_inst_req &req, uid_t uid)
+         LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
+                 << req.pkgId << ". Applications in package: " << pkgContents.size());
+         SmackRules::installApplicationRules(req.appId, req.pkgId, pkgContents);
++	/*Setup for privileges custom rules*/
++	 LogDebug("Adding Smack rules for new appId: " << req.appId << " with pkgId: "
++                << req.pkgId << ". Applications in package: " << pkgContents.size()
++		<< " and Privileges");
++	SmackRules::installApplicationPrivilegesRules(req.appId, req.pkgId,
++	    pkgContents,req.privileges);
+     } catch (const SmackException::Base &e) {
+         LogError("Error while applying Smack policy for application: " << e.DumpToString());
+         return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
+-- 
+2.1.0
+