summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-07-11Fix labelling of files of widgetsJosé Bollo3-24/+131
Before that change any application could browse content of other application. This change fixes that unintended behaviour by setting the installed files as private to the application. This affects the Smack labels of the files that after the change become the label of the application. Conversely, it will now be necessarily to explicit shared files. It happens in situation of resource widgets, the one that provide a binding using the feature urn:AGL:widget:provided-binding in config.xml. The typical example is the widget for testing: afbtest. The exported binding must be accessible by its clients. But because it also use files that it provides, these files must also be accessible by clients. For that reason, the feature urn:AGL:widget:public-files is introduced to config files, allowing a widget to make part of its installed files public. The installation logic is changed to handle correctly the security manager that applies rights of directories to files it contains. So the declaring directories and files using the order of increasing path length ensures that the expected rights are applied. Bug-AGL: SPEC-3489 Change-Id: I933446a8c155a03d9b66767f1dda63aeaeb21eb1 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-06-16Add weston dependency for units with display permissionjellyfish_9.99.1jellyfish/9.99.19.99.1Scott Murray1-0/+5
Add logic to the systemd unit template to add a dependency on the weston@display.service if the widget has the display permission. This fixes races with apps against weston / the new AGL compositor. Bug-AGL: SPEC-3411 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ib89da253933e7e34cfe5dfeb668c8d9df63f0e51
2020-05-28Fix uninstall of widgets without iconsScott Murray1-12/+14
Trying to uninstall a widget without an icon would remove the widget files, but report an error, and the widget would not be removed from the database until a reboot, preventing installation of a new version. To fix this, the error handling in uninstall_widget has been reworked to only explicitly return an error when the unlink of the icon file fails for reasons other than the file not being present. This then allows some code cleanup by removing the extra rc2 variable and fixing some error checks where rc and rc2 were being mixed. Bug-AGL: SPEC-3401 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ica4a91f41b2bd9e16e16dee4ce660f6fa1f7840b
2020-05-19Improve use of systemd's statesJosé Bollo4-57/+99
A better handling of systemd state is need to treat correctly transient states. That change includes: - Management of states with numeric identifiers instead of names - Handling of the state "inactive" as a stable state. Most of previous seen problems were coming from that miss. - Returning no error but also no info on the process if it falled to "inactive" meaning that it stopped quickly. Bug-AGL: SPEC-3323 Change-Id: Ibf35eb6257c5583596d675cad0bec2869f5fd5f7 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-05-06afm-urun: Fix infinite loop on start statusJosé Bollo1-3/+6
Ensure that there is no infinite loop when waiting for the completion of a status. Bug-AGL: SPEC-3323 Change-Id: I93537e9bbbe8ef357d112bea1cb6201e96d01ebf Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-04-06Merge "Update weston dependency in afm-system-setup.service"Jan-Simon Moeller1-1/+1
2020-04-06Update weston dependency in afm-system-setup.serviceScott Murray1-1/+1
When I switched AGL over to using upstream OE's template unit scheme for running weston as non-root for the zeus upgrade, I missed the dependency in afm-system-setup.service, update it to weston@display.service to match the new configuration. Bug-AGL: SPEC-3309 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ifef4d63be3326fb6d36eb997cb2bc331c49a1250
2020-02-28Add feature of autosigning widgetsJosé Bollo3-2/+107
This adds the ability to automatically sign the widgets that are packaged. This is done by defining in the environment of the packaging process the variables WGTPKG_AUTOSIGN_X=key-filepath[:cert-filepath]... Where X is a number. If such variable exist, signatures are generated in the directory of the packaged or signed widget, one for each variable, replacing any existing one. Obviously, nothing is done if no such variable exist. The generated signature file depends on X. - 0 is for file author-signature.xml - X is for file signature-X.xml The program wgtpkg-pack automatically include that behaviour by default. An option allows to remove it. Bug-AGL: SPEC-2840 Change-Id: I00bc4a4d094f71b307e467f984f20d3d4cc3c7bd Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-02-28Refactor of sample keys and certificatesJose Bollo24-439/+460
Avoid installing any certificate or key. But if requested, install the certificates and the keys that are given as example. Bug-AGL: SPEC-2840 Change-Id: I26aebd63fad842bb9746c3a004956d9dbafc091f Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-02-28Refactor ALLOW_NO_SIGNATURE compile flagJose Bollo4-14/+24
Fix a tiny bug and minor improvements Bug-AGL: SPEC-2840 Change-Id: I9b74a8fd604980615d5669219cb5de801de61163 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-02-28Rename source files and improve readabilityJosé Bollo8-38/+62
Also rename wgtpkg-installer tools as wgtpkg-install. Shorter and obvious. Bug-AGL: SPEC-2840 Change-Id: Ifed072bfef488700807613dd61875a30a4041d7a Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-02-20Fix homescreen start on yocto/ZeusJosé Bollo1-2/+2
Replacing BindsTo by Requires fix the start issue of the homescreen that complained with the message systemd[1]: afm-appli-homescreen--0.1--main@1001.service: ... ... Bound to unit afm-api-vshl-core@1001.service, but unit isn't active. Bug-AGL: SPEC-3178 Change-Id: I8df50354128d319f3dfc93b4d10848ecafdb6773 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2020-02-14Remove distinction of widget's versionJose Bollo4-9/+33
This removes the distinction between the different versions of a widget. The boolean CMAKE option DISTINCT_VERSIONS allows to switch between the two possibilities: DISTINCT_VERSIONS=OFF (default) Widget installed in {afm_appdir}/{id} Ids of applications have no version part: {id} DISTINCT_VERSIONS=ON (legacy, old default) Widget installed in {afm_appdir}/{id}/{ver} Ids of applications have no version part: {id}@{ver} Bug-AGL: SPEC-2538 Change-Id: I7cb54d4b296b740c553be8a627e66175107e5a4b Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2020-02-11Merge "system setup: Fix settings on /run/user"Jan-Simon Moeller2-3/+3
2020-02-11Update .gitreview fileJan-Simon Möller1-1/+1
This updates the gitreview file in the project . Change-Id: Iba40cae90f43e6aeded464b8dd1e8b6bdc65aacf Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
2020-02-11system setup: Fix settings on /run/userJosé Bollo2-3/+3
The setting made fail the 'service user-runtime-dir@.service'. It also had bad effect on starting of dashboard application. Bug-AGL: SPEC-3175 Change-Id: Ic937c707fce4b3d2c03616055e140b65e4b29cfb Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-01-23Improve setup for solving access issuesicefish_8.99.5icefish/8.99.58.99.5Jose Bollo2-37/+29
While developping the binding afb-test, the export of the binding afm-test, using "provided-binding" feature reavealed to be broken because of security setup. Bug-AGL: SPEC-2795 Change-Id: Ifc11a8b6a0f20b25d34a8f6b2f81f4c8b5f98238 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2020-01-08Update copyrightJosé Bollo75-80/+80
Change-Id: I1d68e07563d9f0f139d1bc8128e09a5da0a648af Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-20wgtpkg-install: Fix allocation of IDsicefish_8.99.4icefish/8.99.48.99.4Jose Bollo1-3/+9
The framework wasn't correctly attributing application ids because scanning existing applications was broken. Bug-AGL: SPEC-3068 Change-Id: I01aa736c0ea072b5e4141fb5faa1981be81048ce Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2019-12-17Use of cynagoauthJosé Bollo2-2/+2
The flow of HTML5 applications is adjusted to use the basic implementation of cynagoauth. Bug-AGL: SPEC-2968 Bug-AGL: SPEC-3032 Change-Id: Iabf7ebb39fe9ed87bf1fd5b6742fb512a6df19a7 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-16Introduce widget type application/vnd.agl.resourceJose Bollo2-2/+9
The widget type application/vnd.agl.resource doesn't brings service. It can be used to provide a binding to the system. Bug-AGL: SPEC-3057 Bug-AGL: SPEC-1663 Change-Id: I5c900865b8eeec494953942c8069dfefe254a85c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-13Ensure home and workir to widget of scope-platformicefish_8.99.3icefish/8.99.38.99.3José Bollo3-3/+11
The widget requesting the permission to run at platform scope: urn:AGL:permission::partner:scope-platform should be able to record data and state. This change provides a default place to achieve it. Bug-AGL: SPEC-2998 Change-Id: I148a670d3e08e36603ebd318b533ea1e1a695750 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Introduce localuser interface for applicationsicefish_8.99.2icefish/8.99.28.99.2José Bollo2-1/+4
This change make use of nss-localuser hostname family (see https://git.automotivelinux.org/src/nss-localuser/) to separate applications and users, each running its own IP address and hostname. The intended behaviour is to use existing browser policy to ensure privacy of applications and users. Bug-AGL: SPEC-2968 Change-Id: Ie1a3c7331fd43e8747afae2cd338df461bac1454 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Enforce numeric application IDsJosé Bollo7-61/+75
This change allows to index applications numerically. This can be used for various purposes. One of it is to compute the HTTP port. Bug-AGL: SPEC-2968 Change-Id: I74531781f3a39d5d4b09eeb907f57f36822e38f0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Remove tokensJosé Bollo1-2/+0
Tokens are no more managed by the binder. Bug-AGL: SPEC-2968 Change-Id: Iabcbc6e900811cd88729f007bb16ba493d0c0651 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03wgtpkg-install: Add default permissionsJosé Bollo1-0/+14
Only one default permission is used now: "urn:AGL:token:valid" that is used to check token validity. This adds in the cynagora database the rule SMACKID * * urn:AGL:token:valid yes forever That means that applications having a smack label installed by the framework behave as if they have a valid token, a token without any scope/permission but just valid. This is needed during the transition to token based permission policy. Bug-AGL: SPEC-2968 Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-10-10Add discovery of APIicefish_8.99.1icefish/8.99.18.99.1José Bollo1-0/+1
This change allows binders to use API not declared in the config.xml file. This behaviour is allowed by the platform permission urn:AGL:permission::platform:apis:auto-ws It allows a binding to use started bindings not listed in their config.xml file. But it does not allow to start them or to discover them. Bug-AGL: SPEC-2871 Change-Id: Iff0ec8417541171d446254e538201b7f6c7887ea Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-10-08Add WAIT_FOR_HOST_SERVICE envvar to unit files for webappsJacobo Aragunde Pérez1-0/+1
This envvar will make the application launcher wait for the WebAppMgr service to be fully running before attempting to launch the app. Otherwise, launcher would resort to running the app in standalone mode, which would conflict with the WebAppMgr service when it's finally running. It will be useful for webapps that are auto-started, like the future homescreen or the html5-launcher. Bug-AGL: SPEC-2793 Signed-off-by: Jacobo Aragunde Pérez <jaragunde@igalia.com> Change-Id: I97f927c856b0dd2643f8b7492dff06b2c459761d
2019-10-08conf/system: fix shebang not absolute.Romain Forlot2-2/+2
Wrong shebang in some shell script prevents packaging to ends correctly. Bugs-AGL: SPEC-2863 Change-Id: I63ae56ddc88f9f9dfa0734efff69c26c87800a07 Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
2019-09-13Revert "Make source files relative"José Bollo1-1/+0
This reverts commit 37d9652ee0011eff9346a54c33bd459b53e29d0f. Revert looks good because the issue has to be adressed by the build environment. Bug-AGL: SPEC-2801 Change-Id: I51cd51344fc6c6d602f6636c2ffe3af094a78c52 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-09-10Make source files relativeJosé Bollo1-0/+1
It is intended to enhance reproducibility of produced binaries as unmeaning prefixes are removed. Bug-AGL: SPEC-2801 Change-Id: Ic406e4477e47c313757c00932db0f129e1d3d01f Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-19Merge "afm-user-daemon: Remove it by default"halibut_8.0.0halibut_7.99.3halibut_7.99.2halibut/8.0.0halibut/7.99.3halibut/7.99.28.0.07.99.37.99.2Jan-Simon Moeller0-0/+0
2019-06-14Fix synchronisation of user setupJosé Bollo4-7/+25
The user setup takes care of populating correctly the directory /run/user/UID with needed items BEFORE user services start. Bug-AGL: SPEC-1015 Change-Id: I6f942d73bf241d593c960dbf3bc6a038f1746fe0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14Introduce platform servicesJosé Bollo11-42/+246
The platform services are services that run at the global platform scope as opposite to services that run in the context of the user. Bug-AGL: SPEC-1015 Change-Id: I08c2d47715cbc7436e67781d5e638386be531520 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14Introduce dbus config of servicesJosé Bollo4-0/+118
The files conf/dbus/afm-permissions-*.conf are introduced to grant the permission to access specific services. At the moment the same permission is used: http://tizen.org/privilege/internal/dbus But the idea is to replace it by a set of different permissions. Bug-AGL: SPEC-1016 Change-Id: Ide54e7fd9ae328ff17a877e4ec04b18ad32fb899 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14afm-user-daemon: Remove it by defaultJosé Bollo3-4/+8
The daemon afm-user-daemon is deprecated. To be cleaner, it is removed from the compilation and the installation. It is still kept a again for little time in the unexpected case where it could be useful to compile it. Bug-AGL: SPEC-2437 Change-Id: Ifccee49eb14ceff5f7a78fb299260918a585bf93 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-04afm-user-daemon: Remove it by defaultJosé Bollo3-4/+8
The daemon afm-user-daemon is deprecated. To be cleaner, it is removed from the compilation and the installation. It is still kept a again for little time in the unexpected case where it could be useful to compile it. Bug-AGL: SPEC-2437 Change-Id: I164de87dd006570671543204dab5233fca40e538 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-04afm-unit.conf: Refactor its generationJosé Bollo10-611/+21
The process of generating the file /etc/afm-unit.conf had be reworked to be more straight forward. Before that commit, a manual operation (a "make") had to be done before committing the repository. This was not efficient, error prone and kept temporary files in conf. That commit changes it by calling m4 through cmake. Bug-AGL: SPEC-2436 Change-Id: Ia32a810286471dde8a01387d157e33277d67411d Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2019-06-03Merge "gitignore: Add ignore of EXTERNALSRC's artifacts"José Bollo1-0/+3
2019-06-03Merge "afm-unit.conf: cleanup of generation"José Bollo8-138/+144
2019-06-03Merge "afm-unit: Simplify the Makefile"José Bollo2-9/+4
2019-06-03Merge "afm-user-session: moves in libexec directory"José Bollo5-14/+5
2019-06-03Merge "afm-unit conf: Remove useless tests"José Bollo3-13/+0
2019-06-03Merge "Use definition of afm_prefix"José Bollo5-35/+35
2019-05-23gitignore: Add ignore of EXTERNALSRC's artifactsJosé Bollo1-0/+3
This tiny change allows to use EXTERNALSRC when building debugging images without having its git status polluted. Bug-AGL: SPEC-2006 Change-Id: Ic6556a34c487012471ed456c6b4467d686fee816 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit.conf: cleanup of generationJosé Bollo8-138/+144
The generation files are reworked to improve their evolution and maintainability: - the Makefile now refers to any .inc file - the macros are isolated from the skeleton - main iterators are managed in the skeleton - improve management of UNIT_NAME_BASE Bug-AGL: SPEC-2436 Change-Id: I0877eb0149c9362be3290ed2c146cc69fc6bf718 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit: Simplify the MakefileJosé Bollo2-9/+4
The use of AFM_CONFIG_DIR brings nothing except confusion. Bug-AGL: SPEC-2436 Change-Id: I21a18ad98349bf6799b72061523bc353ad3d6c3f Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-user-session: moves in libexec directoryJosé Bollo5-14/+5
Having the binary 'afm-user-session' in /usr/bin brings nothing. It is better to keep it in private area. Bug-AGL: SPEC-2367 Change-Id: I8ef517f599c02e18d8987278a6652a065ee6f0b6 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit conf: Remove useless testsJosé Bollo3-13/+0
The tests were not needed because they were in the body of a conditional part ruled by the same test. Bug-AGL: SPEC-2436 Change-Id: Ia5cd1157dde6fc2b5aa1153aa375568b39639caf Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23Use definition of afm_prefixJosé Bollo5-35/+35
The prefix of the URN for AGL features should be settable. Bug-AGL: SPEC-2436 Change-Id: I49e9634ebc6a280c28caa6e6764e543a7e78253c Signed-off-by: José Bollo <jose.bollo@iot.bzh>