summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-core/security-manager/security-manager
AgeCommit message (Collapse)AuthorFilesLines
2019-12-03security-manager: Improve integrationJosé Bollo6-346/+0
This fixes some issues encountered by the current integration of the security-manager: - its recipes is spread in too much directories (see SPEC-2092) - its initialization should be checked (see SPEC-2091) - the location of the database has to be changed (see SPEC-1717 that provided a workaround) All in one, I decided to create that ticket that summarize the work that can be quickly achieved to answer all this issues that are tightly coupled. Bug-AGL: SPEC-2972 Bug-AGL: SPEC-2092 Bug-AGL: SPEC-2091 Bug-AGL: SPEC-1717 Change-Id: I7af941c25cfa1624d76c2e8f512f6535918912f0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-09-28Move security manager database under /var/localAnton Gerasimov2-5/+5
It is critical for agl-sota feature Bug-AGL: SPEC-1717 Change-Id: Ia4060721e3a092d13934d3af575199e67e356e71 Signed-off-by: Anton Gerasimov <anton.gerasimov@here.com>
2018-01-23security-manager: Fix build error that causes gcc v7.0Changhyeok Bae1-0/+51
gcc v7 requires include <functional> for std::function. Bug-AGL: SPEC-1181 Change-Id: Id5deb6f5ea5c2c82ae4a26889f209e1d7619000e Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
2017-05-25Security-manager: update of global user nameJosé Bollo1-1/+1
The global user name is 'afm' AGL-Bug: SPEC-617 Change-Id: I8b129afb333fdf0e90fde5e364ce6b56ceb5d712 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9503 Reviewed-by: Scott Murray <scott.murray@konsulko.com> Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> Reviewed-by: Matt Porter <mporter@konsulko.com> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2017-03-27fix for gcc6 buildRonan2-0/+78
Change-Id: Iea4f0ba83e1d93ea2e7cc5950dced714b65dd251 Signed-off-by: Ronan <ronan.lemartret@iot.bzh> Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2017-03-27Move all writable data used by security-manager and appfw to /varAnton Gerasimov3-0/+217
The purpose of these changes is to make OSTree and AppFw update domains compatible with each other. Some intergation code is also needed to deploy initial data to writable area (see SPEC-359 in Jira). Bug-AGL: SPEC-359 Change-Id: Iccba1e9916c569167df2922ad5e2d90cc33f06fe Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com> Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2017-03-27FWK: Adaptations for jethroJosé Bollo1-0/+50
Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. It also includes evolutions of the security model to be synchronized with the deletion of 'User'. The recommended version to use now is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285. Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>