From 924b71fb656fec0925726174f65676ef6a8a9329 Mon Sep 17 00:00:00 2001
From: Denys Dmytriyenko <denys@konsulko.com>
Date: Mon, 3 Oct 2022 17:33:19 +0000
Subject: meta-app-framework: applaunchd: run under a separate user

Since applaunchd needs to start/stop systemd units, the user is granted
elevated systemd unit-management permissions via PolKit policy. If applaunchd
and all the apps run under the same agl-driver user, all the apps have these
elevated systemd permissions too. Separating them into different users allows
removing elevated systemd unit-management permission from individual apps, but
leaving such permission for applaunchd, which enhances overall security of
the system.

- add new applaunchd user and group
- switch applaunchd (gRPC) service to be started under new user
- since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API,
  applaunchd-dbus gets activated by agl-session and runs under agl-driver
- temporarily add agl-driver user into the applaunchd group and switch
  PolKit policy to check for applaunchd group, instead of the user
- once D-Bus API is completely deprecated, agl-driver user can be removed
  from applaunchd group

Bug-AGL: SPEC-4579
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
---
 meta-agl-core/files/passwd | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-agl-core/files/passwd')

diff --git a/meta-agl-core/files/passwd b/meta-agl-core/files/passwd
index b97bf3b47..1b24d2760 100644
--- a/meta-agl-core/files/passwd
+++ b/meta-agl-core/files/passwd
@@ -23,6 +23,7 @@ sshd::996:996:::
 systemd-bus-proxy::995:995:::
 agl-driver::1001:1001:::
 agl-passenger::1002:1002:::
+applaunchd::1003:1003:::
 messagebus::994:994:::
 afm::992:992:::
 systemd-timesync::988:988:::
-- 
cgit 1.2.3-korg