aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2019-11-26 21:27:44 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-12-03 18:37:21 +0100
commit581f99c340d6b697b3b503df683e4bdeb59736d1 (patch)
treec28bf42ca2d8676812950c38045050734e95e40e
parentf68b681e785456207fd8195ac83ade0c89373416 (diff)
wgtpkg-install: Add default permissions
Only one default permission is used now: "urn:AGL:token:valid" that is used to check token validity. This adds in the cynagora database the rule SMACKID * * urn:AGL:token:valid yes forever That means that applications having a smack label installed by the framework behave as if they have a valid token, a token without any scope/permission but just valid. This is needed during the transition to token based permission policy. Bug-AGL: SPEC-2968 Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/wgtpkg-install.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
static uint32_t *port_bits = NULL;
+static const char *default_permissions[] = {
+ "urn:AGL:token:valid"
+};
+
/*
* normalize unit files: remove comments, remove heading blanks,
* make single lines
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
perm = next_usable_permission();
}
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
rc = secmgr_install();
return rc;
error2: