author | Jose Bollo <jose.bollo@iot.bzh> | 2020-01-22 18:27:58 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2020-01-23 15:30:29 +0100 |
commit | 7d50de9020901a843095568462a23b4a1ae5f6c3 (patch) | |
tree | 57e0056b101ae4c4e5d3091e0071273fe463066a | |
parent | a123bb31906ef03ff813559aee426282416d729d (diff) |
Improve setup for solving access issuesicefish_8.99.5icefish/8.99.58.99.5
While developing the binding afb-test, the export of
the binding afm-test, using the "provided-binding" feature,
turned out to be broken because of the security setup.
Bug-AGL: SPEC-2795
Change-Id: Ifc11a8b6a0f20b25d34a8f6b2f81f4c8b5f98238
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | conf/system/afm-system-setup.sh.in | 18 | ||||
-rw-r--r-- | conf/system/afm-user-setup.sh.in | 48 |
2 files changed, 29 insertions, 37 deletions
diff --git a/conf/system/afm-system-setup.sh.in b/conf/system/afm-system-setup.sh.in
index b7a3c5d..f70a530 100644
--- a/conf/system/afm-system-setup.sh.in
+++ b/conf/system/afm-system-setup.sh.in
@@ -3,22 +3,20 @@ pdir=@afm_platform_rundir@
 dodir() {
- if ! test -e $1; then
- mkdir -m 755 $1
- chsmack -a '*' -T $1
- fi
+ for x; do
+ test -e "$x" || mkdir -m 755 "$x"
+ chmod 755 "$x"
+ chsmack -T -a 'System::Shared' "$x"
+ done
 }
-dodir $pdir
-dodir $pdir/display
-dodir $pdir/apis
-dodir $pdir/apis/ws
-dodir $pdir/apis/link
+dodir $pdir $pdir/display $pdir/apis $pdir/apis/ws $pdir/apis/link
+
 @create_platform_debug@
 spdir=@afm_scope_platform_dir@
 if ! test -e $spdir; then
 mkdir -m 755 $spdir
- chsmack -a '*' -T $spdir
+ chsmack -T -a 'User::App-Shared' $spdir
 chown daemon:daemon $spdir
 fi
diff --git a/conf/system/afm-user-setup.sh.in b/conf/system/afm-user-setup.sh.in
index 058420d..e1c1070 100644
--- a/conf/system/afm-user-setup.sh.in
+++ b/conf/system/afm-user-setup.sh.in
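Review bot: In conf/system/afm-system-setup.sh.in the `spdir` block still applies its label only inside `if ! test -e $spdir`, so a directory that already exists (for example one created by the previous version of this script, if it survives between runs) keeps the old `'*'` label and never receives `User::App-Shared`, while the reworked `dodir` re-applies mode and label on every run. Moving `chsmack -T -a 'User::App-Shared' "$spdir"` and `chown daemon:daemon "$spdir"` after the `fi` would make both paths converge on the intended label and owner. The `dodir` call and the `spdir` lines also leave their expansions unquoted although the function body quotes `"$x"`; `dodir "$pdir" "$pdir/display" "$pdir/apis" …` would keep the file consistent. Inside `dodir`, `chmod` and `chsmack` still run when `mkdir` failed, so the `mkdir` should be followed by `|| exit 1` to make a broken setup visible rather than leaving a half-labelled tree.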
@@ -1,36 +1,30 @@
 #!/bin/sh
-uid=$1
-udir=/run/user/$uid
-
-dodir_star() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a '*' $1
-}
-
-dodir_star $udir
-dodir_star $udir/apis
-dodir_star $udir/apis/ws
-dodir_star $udir/apis/link
-
-dodir_usrshr() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a User::App-Shared -t $1
+uid="$1"
+bdir=/run/user
+udir="$bdir/$uid"
+
+dodir() {
+ local x smackset="$1"
+ shift
+ for x; do
+ test -e "$x" || mkdir -m 700 "$x"
+ chmod 700 "$x"
+ chown "$uid:$uid" "$x"
+ chsmack $smackset "$x"
+ done
 }
-dodir_usrshr $udir/usrshr
+dodir '-T -a User::App-Shared' "$bdir" "$udir"
+dodir '-t -a User::App-Shared' "$udir/usrshr"
+dodir '-T -a System::Shared' "$udir/apis"
+dodir '-t -a System::Shared' "$udir/apis/ws" "$udir/apis/link"
 doln() {
- if ! test -e $2; then
- ln -sf $1 $2
- chown -h $uid:$uid $2
- chsmack -a '*' $2
+ if ! test -e "$2"; then
+ ln -sf "$1" "$2"
+ chown -h "$uid:$uid" "$2"
+ chsmack -a 'System::Shared' "$2"
 fi
 }
|
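Review bot: The first call, `dodir '-T -a User::App-Shared' "$bdir" "$udir"`, sends `/run/user` itself through the loop, so the shared parent directory gets `chmod 700` and `chown "$uid:$uid"` on every run and ends up owned by whichever user was set up last, which would stop other users from traversing into their own `/run/user/<uid>`. Label the parent without touching its owner or mode, e.g. `chsmack -T -a User::App-Shared "$bdir"` followed by `dodir '-T -a User::App-Shared' "$udir"`. The loop now also runs `chmod`, `chown` and `chsmack` on paths that already exist, and `chmod` and `chown` follow symbolic links; since everything below `$udir` is owned by the user and the script presumably runs with privileges (it chowns to another uid), it should require `test -d "$x" && ! test -L "$x"` before changing an existing entry. `uid="$1"` is used unvalidated, so an empty argument turns `udir` into `/run/user/`; a guard such as `case "$uid" in ''|*[!0-9]*) exit 1;; esac` would reject that. `local` is not POSIX and `chsmack $smackset` depends on unquoted word splitting, which deserves a comment given the `#!/bin/sh` shebang.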