author | José Bollo <jose.bollo@iot.bzh> | 2019-11-26 21:27:44 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2019-12-03 18:37:21 +0100 |
commit | 581f99c340d6b697b3b503df683e4bdeb59736d1 (patch) | |
tree | c28bf42ca2d8676812950c38045050734e95e40e | |
parent | f68b681e785456207fd8195ac83ade0c89373416 (diff) |
wgtpkg-install: Add default permissions
Only one default permission is used now:
"urn:AGL:token:valid" that is used to check
token validity.
This adds in the cynagora database the rule
SMACKID * * urn:AGL:token:valid yes forever
That means that applications having a smack label
installed by the framework behave as if they have
a valid token, a token without any scope/permission
but just valid.
This is needed during the transition to token based
permission policy.
Bug-AGL: SPEC-2968
Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | src/wgtpkg-install.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
 
 static uint32_t *port_bits = NULL;
 
+static const char *default_permissions[] = {
+ "urn:AGL:token:valid"
+};
+
 /*
 * normalize unit files: remove comments, remove heading blanks,
 * make single lines
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
 perm = next_usable_permission();
 }
 
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
 rc = secmgr_install();
 return rc;
 error2: |
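Review bot: The new table is declared `static const char *default_permissions[]`, so the strings are const but the pointer slots themselves stay writable. Since every entry is handed to `secmgr_permit()` in the second hunk, I would declare it `static const char *const default_permissions[] = {` so the list of always-granted permissions cannot be repointed at run time. The table also has no comment. Something like `/* permissions granted to every installed application, whatever the widget itself requests; transitional, see SPEC-2968 */` would make it clear that adding an entry here widens the privileges of every application the framework installs.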
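Review bot: A failed `secmgr_permit()` in the new loop is reported only through `INFO(...)` with "FAILED!" in the message, so an install that aborts on a default permission leaves no error-level record for whoever audits the policy setup. I would keep INFO for the success case and report the failure separately, e.g. `if (rc) { ERROR("can't permit default permission %s", perm); goto error2; }`, assuming the project's logging header offers ERROR alongside INFO. The declarations of `n`, `i` and `perm` and the body of `error2` are outside the hunk, so it is worth confirming that the error path discards the grants already queued before `secmgr_install()` would have run.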