authorJose Bollo <jose.bollo@iot.bzh>2020-01-22 18:27:58 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2020-01-30 09:25:02 +0100
commitb251a659e6de2585f9e29166be93060b640b8410 (patch)
tree2a185f114519a8c857d417d7bbbe1cd5ec1fc41a
parent1289070816089908e9974b0b2495fab093d325ed (diff)
Improve setup for solving access issues
While developing the binding afb-test, the export of the binding afm-test using the "provided-binding" feature turned out to be broken because of the security setup. Bug-AGL: SPEC-2795 Change-Id: Ifc11a8b6a0f20b25d34a8f6b2f81f4c8b5f98238 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
-rw-r--r--conf/system/afm-system-setup.sh.in17
-rw-r--r--conf/system/afm-user-setup.sh.in48
2 files changed, 29 insertions, 36 deletions
diff --git a/conf/system/afm-system-setup.sh.in b/conf/system/afm-system-setup.sh.in
index c3f827e..f70a530 100644
--- a/conf/system/afm-system-setup.sh.in
+++ b/conf/system/afm-system-setup.sh.in
@@ -3,21 +3,20 @@
pdir=@afm_platform_rundir@
dodir() {
- if ! test -e $1; then
- mkdir -m 755 $1
- chsmack -a '*' -T $1
- fi
+ for x; do
+ test -e "$x" || mkdir -m 755 "$x"
+ chmod 755 "$x"
+ chsmack -T -a 'System::Shared' "$x"
+ done
}
-dodir $pdir
-dodir $pdir/display
-dodir $pdir/apis
-dodir $pdir/apis/ws
+dodir $pdir $pdir/display $pdir/apis $pdir/apis/ws $pdir/apis/link
+
@create_platform_debug@
spdir=@afm_scope_platform_dir@
if ! test -e $spdir; then
mkdir -m 755 $spdir
- chsmack -a '*' -T $spdir
+ chsmack -T -a 'User::App-Shared' $spdir
chown daemon:daemon $spdir
fi
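Review bot: The `spdir` block at the end of this hunk still applies its label and owner only inside `if ! test -e $spdir`, so a `$spdir` that already exists keeps whatever Smack label it had before, while the rewritten `dodir` re-applies mode and label on every run. If relabelling existing directories is the intent of this change, move `chsmack -T -a 'User::App-Shared' "$spdir"` and `chown daemon:daemon "$spdir"` after the `fi` so both paths behave the same way. The new call `dodir $pdir $pdir/display …` also passes its arguments unquoted although the function body quotes `"$x"`; quoting them (`"$pdir" "$pdir/display"` …) keeps the two consistent.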
diff --git a/conf/system/afm-user-setup.sh.in b/conf/system/afm-user-setup.sh.in
index 058420d..e1c1070 100644
--- a/conf/system/afm-user-setup.sh.in
+++ b/conf/system/afm-user-setup.sh.in
@@ -1,36 +1,30 @@
#!/bin/sh
-uid=$1
-udir=/run/user/$uid
-
-dodir_star() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a '*' $1
-}
-
-dodir_star $udir
-dodir_star $udir/apis
-dodir_star $udir/apis/ws
-dodir_star $udir/apis/link
-
-dodir_usrshr() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a User::App-Shared -t $1
+uid="$1"
+bdir=/run/user
+udir="$bdir/$uid"
+
+dodir() {
+ local x smackset="$1"
+ shift
+ for x; do
+ test -e "$x" || mkdir -m 700 "$x"
+ chmod 700 "$x"
+ chown "$uid:$uid" "$x"
+ chsmack $smackset "$x"
+ done
}
-dodir_usrshr $udir/usrshr
+dodir '-T -a User::App-Shared' "$bdir" "$udir"
+dodir '-t -a User::App-Shared' "$udir/usrshr"
+dodir '-T -a System::Shared' "$udir/apis"
+dodir '-t -a System::Shared' "$udir/apis/ws" "$udir/apis/link"
doln() {
- if ! test -e $2; then
- ln -sf $1 $2
- chown -h $uid:$uid $2
- chsmack -a '*' $2
+ if ! test -e "$2"; then
+ ln -sf "$1" "$2"
+ chown -h "$uid:$uid" "$2"
+ chsmack -a 'System::Shared' "$2"
fi
}
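Review bot: The first new call, `dodir '-T -a User::App-Shared' "$bdir" "$udir"`, runs `chmod 700` and `chown "$uid:$uid"` on `/run/user` itself, because `dodir` applies mode and owner to every path it is given. If the script is invoked once per user, as `uid="$1"` suggests, the shared parent directory ends up private to whichever uid was set up last and other users can no longer traverse it. Label the parent without touching its mode or owner, e.g. `chsmack -T -a 'User::App-Shared' "$bdir"` followed by `dodir '-T -a User::App-Shared' "$udir"`. `dodir` also runs `chmod` and `chown` on paths that already exist without checking what they are; assuming the script runs with elevated privileges on user-owned paths under `$udir`, a guard such as `test -d "$x" && ! test -L "$x"` before those calls would keep it from changing the mode or owner of something other than the expected directory.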