summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.bb20
-rw-r--r--meta-app-framework/recipes-core/af-main/af-main_1.0.inc2
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch50
-rw-r--r--meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend4
4 files changed, 71 insertions, 5 deletions
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
index 75cdcc3ef..d8d7af46f 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
@@ -52,18 +52,30 @@ do_install_append() {
fi
}
+do_install_append_smack () {
+ install -d ${D}/${sysconfdir}/smack/accesses.d
+ cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF
+System User::App-Shared rwxat
+System User::Home rwxat
+EOF
+ chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user
+ install -d ${D}/${sysconfdir}/skel/app-data
+ chsmack -a 'User::Home' -t -D ${D}/${sysconfdir}/skel
+ chsmack -a 'User::App-Shared' -D ${D}/${sysconfdir}/skel/app-data
+}
+
pkg_postinst_${PN}() {
mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
- setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
pkg_postinst_${PN}_smack() {
mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons
chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons
- setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon
+ setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+ setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon
}
PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
index aff685f0d..880654e8c 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
@@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \
${SRC_URI_files} \
"
-SRCREV = "970a20a55d3a7dba32360ce596e61a2b32c9f4ee"
+SRCREV = "c31038db1cff938d7fa1f12f757c1c57ab51c0bd"
S = "${WORKDIR}/git"
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
new file mode 100644
index 000000000..4c91f7fa3
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
@@ -0,0 +1,50 @@
+From 935e4e4e746b5ffcda80c80097dc75c2581c1a89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Wed, 19 Oct 2016 13:45:54 +0200
+Subject: [PATCH] Adapt rules to AGL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git
+as basis for the integration of security framework. The security framework
+that it provides is an evolution of the security framework of tizen refited
+to the distribution Ostro of Intel. This refit took the decision to simplify
+the model by removing the running label "User". More can be viewed here:
+https://github.com/01org/meta-intel-iot-security/pull/116
+
+This commits adapt the template to the rules that are now needed
+after this evolution.
+
+It also integrates one other evolutions: the shared label becomes User::App-Shared instead
+of User::App::Shared to avoid collision with application of id "Shared".
+
+Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ policy/app-rules-template.smack | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
+index 1311169..b4cd2e3 100644
+--- a/policy/app-rules-template.smack
++++ b/policy/app-rules-template.smack
+@@ -1,12 +1,10 @@
+-System ~APP~ rwx
++System ~APP~ rwxa
++System ~PKG~ rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rx
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+-User ~APP~ rwxa
+-User ~PKG~ rwxat
+-~APP~ User wx
+ ~APP~ User::Home rxl
+-~APP~ User::App::Shared rwxat
++~APP~ User::App-Shared rwxat
+ ~APP~ ~PKG~ rwxat
+--
+2.7.4
+
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
new file mode 100644
index 000000000..d3a110de5
--- /dev/null
+++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
+
+SRC_URI += " file://0001-Adapt-rules-to-AGL.patch "
+