Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend18
-rw-r--r--meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf2
-rw-r--r--meta-security/recipes-connectivity/connman/connman_%.bbappend20
-rw-r--r--meta-security/recipes-connectivity/connman/files/connman.service.conf4
4 files changed, 26 insertions, 18 deletions
diff --git a/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend b/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend
index c62842d5b..3767681b0 100644
--- a/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend
+++ b/meta-security/recipes-connectivity/bluez5/bluez5_%.bbappend
@@ -42,14 +42,14 @@
# The related patch has been submitted to upstream too.
# upstream link: http://permalink.gmane.org/gmane.linux.bluez.kernel/67993
-FIX_BLUEZ5_CAPABILITIES ??= ""
-FIX_BLUEZ5_CAPABILITIES_with-lsm-smack ??= "fix_bluez5_capabilities"
-do_install[postfuncs] += "${FIX_BLUEZ5_CAPABILITIES}"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-fix_bluez5_capabilities () {
- service="${D}/${systemd_unitdir}/system/bluetooth.service"
- if [ -f "$service" ] &&
- grep -q '^CapabilityBoundingSet=' "$service"; then
- sed -i -e 's/^CapabilityBoundingSet=/CapabilityBoundingSet=CAP_MAC_OVERRIDE /' "$service"
- fi
+SRC_URI_append_with-lsm-smack = "\
+ file://bluetooth.service.conf \
+"
+
+FILES_${PN} += "${systemd_unitdir}"
+
+do_install_append_with-lsm-smack() {
+ install -Dm0644 ${WORKDIR}/bluetooth.service.conf ${D}${systemd_unitdir}/system/bluetooth.service.d/smack.conf
}
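Review bot: `FILES_${PN} += "${systemd_unitdir}"` is unconditional and claims the whole unit directory, while the drop-in itself is installed only under the with-lsm-smack override. Scoping it to what the recipe adds keeps packaging unchanged for non-Smack builds, for example `FILES_${PN}_append_with-lsm-smack = " ${systemd_unitdir}/system/bluetooth.service.d"`. The same line appears in the connman_%.bbappend hunk. The commit also removes the FIX_BLUEZ5_CAPABILITIES variable, so a distro that set it to opt out has no equivalent switch; if that is intended, it deserves a sentence in the commit message.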
diff --git a/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf b/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf
new file mode 100644
index 000000000..b93ab4fee
--- /dev/null
+++ b/meta-security/recipes-connectivity/bluez5/files/bluetooth.service.conf
@@ -0,0 +1,2 @@
+[Service]
+CapabilityBoundingSet=CAP_MAC_OVERRIDE
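Review bot: The drop-in assigns `CapabilityBoundingSet=CAP_MAC_OVERRIDE` with no guard, whereas the removed sed only acted when bluetooth.service already carried a `CapabilityBoundingSet=` line. systemd.exec documents that repeated assignments are merged, so on a unit that sets the option this adds one capability. On a unit that does not set it, the drop-in would shrink the bounding set from the default full set to CAP_MAC_OVERRIDE alone, and the daemon would likely fail to start. A comment in the file should record that assumption and why a Smack MAC bypass is granted, e.g. `# Merged with CapabilityBoundingSet= from bluetooth.service; assumes the unit sets one.` The same applies to the identical line in connman.service.conf.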
diff --git a/meta-security/recipes-connectivity/connman/connman_%.bbappend b/meta-security/recipes-connectivity/connman/connman_%.bbappend
index f66c1e79b..3b010490d 100644
--- a/meta-security/recipes-connectivity/connman/connman_%.bbappend
+++ b/meta-security/recipes-connectivity/connman/connman_%.bbappend
@@ -19,14 +19,16 @@
# in which connmand runs, this change is not submitted upstream
# and it can be overridden by a distro via FIX_CONNMAN_CAPABILITIES.
-FIX_CONNMAN_CAPABILITIES ??= ""
-FIX_CONNMAN_CAPABILITIES_with-lsm-smack ??= "fix_connman_capabilities"
-do_install[postfuncs] += "${FIX_CONNMAN_CAPABILITIES}"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-fix_connman_capabilities () {
- service="${D}/${systemd_unitdir}/system/connman.service"
- if [ -f "$service" ] &&
- grep -q '^CapabilityBoundingSet=' "$service"; then
- sed -i -e 's/^CapabilityBoundingSet=/CapabilityBoundingSet=CAP_MAC_OVERRIDE /' "$service"
- fi
+SRC_URI_append_with-lsm-smack = "\
+ file://connman.service.conf \
+"
+
+RDEPENDS_${PN}_append_with-lsm-smack = " smack"
+
+FILES_${PN} += "${systemd_unitdir}"
+
+do_install_append_with-lsm-smack() {
+ install -Dm0644 ${WORKDIR}/connman.service.conf ${D}${systemd_unitdir}/system/connman.service.d/smack.conf
}
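Review bot: The context comment at the top of this hunk still says the change "can be overridden by a distro via FIX_CONNMAN_CAPABILITIES", but the hunk removes that variable, so the comment now describes a switch that no longer exists. The comment block starts outside the hunk; its last sentence should be reworded to something like `# and it is applied only when the with-lsm-smack override is active.` It would also help to add `# chsmack (from smack) is run by the drop-in's ExecStartPre` above the new RDEPENDS line, so the runtime dependency is not later removed as unused.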
diff --git a/meta-security/recipes-connectivity/connman/files/connman.service.conf b/meta-security/recipes-connectivity/connman/files/connman.service.conf
new file mode 100644
index 000000000..6ebbf6ad1
--- /dev/null
+++ b/meta-security/recipes-connectivity/connman/files/connman.service.conf
@@ -0,0 +1,4 @@
+[Service]
+CapabilityBoundingSet=CAP_MAC_OVERRIDE
+ExecStartPre=+-/bin/mkdir -p /run/connman
+ExecStartPre=+-/usr/bin/chsmack -t -a System::Shared /run/connman
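Review bot: Both `ExecStartPre=` lines combine `+` (run with full privileges) with `-` (ignore failure), so if chsmack fails, connmand still starts with /run/connman lacking the System::Shared transmute label and nothing reports it. The drop-in is installed only for Smack builds and the recipe now pulls in smack, so a labelling failure is unexpected and should probably stop the unit: `ExecStartPre=+/usr/bin/chsmack -t -a System::Shared /run/connman`. The binary paths are hard-coded to /bin and /usr/bin rather than derived from the build's ${base_bindir} and ${bindir}; a comment stating that assumption would help on images with a different layout.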