summaryrefslogtreecommitdiffstats
path: root/conf
AgeCommit message (Collapse)AuthorFilesLines
2020-12-02Add network and bluetooth permissions to service templateScott Murray1-2/+10
Add new public:network and public:bluetooth permissions that currently drive adding dependencies on network.target and bluetooth.target, respectively. This allows related bindings to depend on those to avoid start up races. In the future, these permissions could perhaps be tied to configuring DBus access control of the related services. Bug-AGL: SPEC-3509 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I582691bfe223a01ce80f04a4b0a1463d58287a9c (cherry picked from commit 0a24bbdab25e792b5abe2f3708aceb5a9b3a5e42)
2020-06-16Add weston dependency for units with display permissionjellyfish_9.99.1jellyfish/9.99.19.99.1Scott Murray1-0/+5
Add logic to the systemd unit template to add a dependency on the weston@display.service if the widget has the display permission. This fixes races with apps against weston / the new AGL compositor. Bug-AGL: SPEC-3411 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ib89da253933e7e34cfe5dfeb668c8d9df63f0e51
2020-04-06Update weston dependency in afm-system-setup.serviceScott Murray1-1/+1
When I switched AGL over to using upstream OE's template unit scheme for running weston as non-root for the zeus upgrade, I missed the dependency in afm-system-setup.service, update it to weston@display.service to match the new configuration. Bug-AGL: SPEC-3309 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ifef4d63be3326fb6d36eb997cb2bc331c49a1250
2020-02-20Fix homescreen start on yocto/ZeusJosé Bollo1-2/+2
Replacing BindsTo by Requires fix the start issue of the homescreen that complained with the message systemd[1]: afm-appli-homescreen--0.1--main@1001.service: ... ... Bound to unit afm-api-vshl-core@1001.service, but unit isn't active. Bug-AGL: SPEC-3178 Change-Id: I8df50354128d319f3dfc93b4d10848ecafdb6773 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2020-02-11system setup: Fix settings on /run/userJosé Bollo2-3/+3
The setting made fail the 'service user-runtime-dir@.service'. It also had bad effect on starting of dashboard application. Bug-AGL: SPEC-3175 Change-Id: Ic937c707fce4b3d2c03616055e140b65e4b29cfb Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2020-01-23Improve setup for solving access issuesicefish_8.99.5icefish/8.99.58.99.5Jose Bollo2-37/+29
While developping the binding afb-test, the export of the binding afm-test, using "provided-binding" feature reavealed to be broken because of security setup. Bug-AGL: SPEC-2795 Change-Id: Ifc11a8b6a0f20b25d34a8f6b2f81f4c8b5f98238 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2020-01-08Update copyrightJosé Bollo5-5/+5
Change-Id: I1d68e07563d9f0f139d1bc8128e09a5da0a648af Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-17Use of cynagoauthJosé Bollo2-2/+2
The flow of HTML5 applications is adjusted to use the basic implementation of cynagoauth. Bug-AGL: SPEC-2968 Bug-AGL: SPEC-3032 Change-Id: Iabf7ebb39fe9ed87bf1fd5b6742fb512a6df19a7 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-16Introduce widget type application/vnd.agl.resourceJose Bollo2-2/+9
The widget type application/vnd.agl.resource doesn't brings service. It can be used to provide a binding to the system. Bug-AGL: SPEC-3057 Bug-AGL: SPEC-1663 Change-Id: I5c900865b8eeec494953942c8069dfefe254a85c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-13Ensure home and workir to widget of scope-platformicefish_8.99.3icefish/8.99.38.99.3José Bollo2-3/+10
The widget requesting the permission to run at platform scope: urn:AGL:permission::partner:scope-platform should be able to record data and state. This change provides a default place to achieve it. Bug-AGL: SPEC-2998 Change-Id: I148a670d3e08e36603ebd318b533ea1e1a695750 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Introduce localuser interface for applicationsicefish_8.99.2icefish/8.99.28.99.2José Bollo2-1/+4
This change make use of nss-localuser hostname family (see https://git.automotivelinux.org/src/nss-localuser/) to separate applications and users, each running its own IP address and hostname. The intended behaviour is to use existing browser policy to ensure privacy of applications and users. Bug-AGL: SPEC-2968 Change-Id: Ie1a3c7331fd43e8747afae2cd338df461bac1454 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Enforce numeric application IDsJosé Bollo2-1/+3
This change allows to index applications numerically. This can be used for various purposes. One of it is to compute the HTTP port. Bug-AGL: SPEC-2968 Change-Id: I74531781f3a39d5d4b09eeb907f57f36822e38f0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-12-03Remove tokensJosé Bollo1-2/+0
Tokens are no more managed by the binder. Bug-AGL: SPEC-2968 Change-Id: Iabcbc6e900811cd88729f007bb16ba493d0c0651 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-10-10Add discovery of APIicefish_8.99.1icefish/8.99.18.99.1José Bollo1-0/+1
This change allows binders to use API not declared in the config.xml file. This behaviour is allowed by the platform permission urn:AGL:permission::platform:apis:auto-ws It allows a binding to use started bindings not listed in their config.xml file. But it does not allow to start them or to discover them. Bug-AGL: SPEC-2871 Change-Id: Iff0ec8417541171d446254e538201b7f6c7887ea Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-10-08Add WAIT_FOR_HOST_SERVICE envvar to unit files for webappsJacobo Aragunde Pérez1-0/+1
This envvar will make the application launcher wait for the WebAppMgr service to be fully running before attempting to launch the app. Otherwise, launcher would resort to running the app in standalone mode, which would conflict with the WebAppMgr service when it's finally running. It will be useful for webapps that are auto-started, like the future homescreen or the html5-launcher. Bug-AGL: SPEC-2793 Signed-off-by: Jacobo Aragunde Pérez <jaragunde@igalia.com> Change-Id: I97f927c856b0dd2643f8b7492dff06b2c459761d
2019-10-08conf/system: fix shebang not absolute.Romain Forlot2-2/+2
Wrong shebang in some shell script prevents packaging to ends correctly. Bugs-AGL: SPEC-2863 Change-Id: I63ae56ddc88f9f9dfa0734efff69c26c87800a07 Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
2019-06-14Fix synchronisation of user setupJosé Bollo4-7/+25
The user setup takes care of populating correctly the directory /run/user/UID with needed items BEFORE user services start. Bug-AGL: SPEC-1015 Change-Id: I6f942d73bf241d593c960dbf3bc6a038f1746fe0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14Introduce platform servicesJosé Bollo10-41/+239
The platform services are services that run at the global platform scope as opposite to services that run in the context of the user. Bug-AGL: SPEC-1015 Change-Id: I08c2d47715cbc7436e67781d5e638386be531520 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14Introduce dbus config of servicesJosé Bollo4-0/+118
The files conf/dbus/afm-permissions-*.conf are introduced to grant the permission to access specific services. At the moment the same permission is used: http://tizen.org/privilege/internal/dbus But the idea is to replace it by a set of different permissions. Bug-AGL: SPEC-1016 Change-Id: Ide54e7fd9ae328ff17a877e4ec04b18ad32fb899 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-14afm-user-daemon: Remove it by defaultJosé Bollo1-1/+1
The daemon afm-user-daemon is deprecated. To be cleaner, it is removed from the compilation and the installation. It is still kept a again for little time in the unexpected case where it could be useful to compile it. Bug-AGL: SPEC-2437 Change-Id: Ifccee49eb14ceff5f7a78fb299260918a585bf93 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-06-04afm-unit.conf: Refactor its generationJosé Bollo10-611/+21
The process of generating the file /etc/afm-unit.conf had be reworked to be more straight forward. Before that commit, a manual operation (a "make") had to be done before committing the repository. This was not efficient, error prone and kept temporary files in conf. That commit changes it by calling m4 through cmake. Bug-AGL: SPEC-2436 Change-Id: Ia32a810286471dde8a01387d157e33277d67411d Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit.conf: cleanup of generationJosé Bollo8-138/+144
The generation files are reworked to improve their evolution and maintainability: - the Makefile now refers to any .inc file - the macros are isolated from the skeleton - main iterators are managed in the skeleton - improve management of UNIT_NAME_BASE Bug-AGL: SPEC-2436 Change-Id: I0877eb0149c9362be3290ed2c146cc69fc6bf718 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit: Simplify the MakefileJosé Bollo2-9/+4
The use of AFM_CONFIG_DIR brings nothing except confusion. Bug-AGL: SPEC-2436 Change-Id: I21a18ad98349bf6799b72061523bc353ad3d6c3f Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-user-session: moves in libexec directoryJosé Bollo4-13/+4
Having the binary 'afm-user-session' in /usr/bin brings nothing. It is better to keep it in private area. Bug-AGL: SPEC-2367 Change-Id: I8ef517f599c02e18d8987278a6652a065ee6f0b6 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23afm-unit conf: Remove useless testsJosé Bollo3-13/+0
The tests were not needed because they were in the body of a conditional part ruled by the same test. Bug-AGL: SPEC-2436 Change-Id: Ia5cd1157dde6fc2b5aa1153aa375568b39639caf Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-23Use definition of afm_prefixJosé Bollo3-23/+23
The prefix of the URN for AGL features should be settable. Bug-AGL: SPEC-2436 Change-Id: I49e9634ebc6a280c28caa6e6764e543a7e78253c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-05-14Refactor of system and user setuphalibut_7.99.1halibut/7.99.17.99.1José Bollo7-26/+71
Since a long time, the creation of the user and system run environment was made by a sub-optimal, hardly maintainable and false-error generating. This change puts the user and system setup in separate shell scripts. This makes them more easy to maintain, update or tune. This facility will useful for further evolution. Bug-AGL: SPEC-1016 Change-Id: Iede81a659eacf4e5c21c561a33d300408e1bd058 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2019-04-30Allow setting of libexec locationJosé Bollo1-1/+1
The location of the framework binding could not be tuned but is fixed. The default location is good but it is important to be able to tune that location. This at least has the good effect that the location is set at one point in the build system instead of at multiple points as today. Bug-AGL: SPEC-2367 Change-Id: Ib06fdff56d1828eacd0d1f82c2e1308d0b36fa5e Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-04-26afm-unit: Restore removal of capabilitiesJosé Bollo4-4/+4
This removes capabilities to any application installed and launched. Also fixes a tiny bug in setup of user environment. Bug-AGL: SPEC-2006 Change-Id: I2c0d85cc2c2d389247ad9ce728f4d9e8e3d74616 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-03-28afm-unit.conf: Add widget specific environmentJosé Bollo4-0/+4
This change allow to set environment specific to a widget in ${afm_confdir}/widget.env.d/ID/* files where ID is the ID of the widget. Setting specific environment for a given widget was not possible (except in devel/debug) before. Change-Id: I8ef9349fda9adb8eecf330ce97cc7ebcd21bf399 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-03-21Add ability to manage all widget/applicationsJosé Bollo3-0/+3
For system uses -like automatic testing-, it is needed to include tha ability to list ALL installed widgets and ALL running instance of installed widgets. This change adds the option -a or --all to the commands 'list' and 'runners' for the purpose of listing any installed widgets, even those requiring to be hidden. Example: afm-util ps -a Bug-AGL: SPEC-2272 Bug-AGL: SPEC-1850 Change-Id: I216ec9c63efea1b3af58e1d2d7723d986e04551e Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2019-02-07Update date in copyrightssandbox/scottrif29/scottdocsJosé Bollo4-4/+4
Change-Id: Ie2ff321f78c59913373e2ffb2820297fd423d6f4 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-02-06Revert "afm-unit: Restore removal of capabilities"halibut_7.90.0halibut/7.90.07.90.0Stephane Desneux3-9/+6
This reverts commit f2a2f1357a5268b614528feeba0a91f4ea04a7aa. Change-Id: I7ff68f27b75c9ddb887470c5579e7b9277aa3613 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2019-01-06afm-user-setup service: disable start rate limitguppy_6.99.4guppy/6.99.46.99.4Stephane Desneux1-0/+2
The service afm-user-setup is invoked each time an app is started. If the user starts apps too quickly (3 apps in less than 10secs by default), then afm-user-setup will fail and the last app is not started. This patch removes the rate limitation coming from systemd default config. Change-Id: Ief6af726c58866e2fc6d3fa170e5f6c6afbee987 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2018-12-20Merge "Revert "afm-unit: add autoapi in required-api feature""guppy_6.99.3guppy/6.99.36.99.3Jan-Simon Moeller3-3/+0
2018-12-20Revert "afm-unit: add autoapi in required-api feature"José Bollo3-3/+0
This reverts commit 2b6e13bd5812dc1d7efe338a163f6dd253bbe15b. Change-Id: I5e2493669da8d45150ed46257b06a5dae005e0bd
2018-12-20Merge "afm-unit: add autoapi in required-api feature"Jan-Simon Moeller3-0/+3
2018-12-18afm-unit: Restore removal of capabilitiesJosé Bollo3-6/+9
This removes capabilities to any application installed and launched. Also applications are added by default to the display group, meaning that it can be displayed. Bug-AGL: SPEC-2006 Change-Id: Ia0b2d0df3ec1c74f37ca176fc9f0e8db96de3566 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-18afm-unit: Fix http port multi allocationJosé Bollo3-8/+8
When serveral targets were set in the widget file, the framework allocated the same HTTP port to each. This lead to impossibility to run all targets or to a systemd conflict. This should fix the issue by allocating an HTTP port for each target installed by the widget. To achieves that goal, the afm-unit.conf tag for the port is moved from '#metadata.http-port' to '#metatarget.http-port'. Bug-AGL: SPEC-2068 Change-Id: I5376d6f052e0ffc5c77cc80041528637777aed1e Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-14afm-unit: add autoapi in required-api featureClément Bénier3-0/+3
- required-api feature: add autoapi value - start the daemon with --auto-api option to the websocket directory Change-Id: Ia36d0edb4bfa22d07feafed580373cda21dd5b35 Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
2018-11-08afm-unit: Export new variablesJosé Bollo7-6/+16
Export the new variables: - AFM_ID: the identifier of the application - AFM_WORKDIR: the workdir of the application - AFM_WSAPI_DIR: the directory where APIs can be accessed Change-Id: I79b46754f84161a36d9a13dd79bc94e777c854fe Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-10-19afm-unit.conf: Enforce starting after networkJose Bollo3-0/+3
This solves issues encountered when starting remote services. It delays all services until completion of network initialisation. Delaying every services is not selective. Further optimisation may improve that issue. Bug-AGL: SPEC-1650 Change-Id: I5742a4cd514c86c724a8e7a86c7e0a5dde6a8c67 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2018-10-19afm-unit.conf: Restrict service for APIsJose Bollo3-3/+3
Forbids exportation of service apis for apis that are not exported as 'ws' or 'auto'. Bug-AGL: SPEC-1650 Change-Id: I0681bdb0632d9f331036abc1ff1e1b2bb37933cd Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2018-10-19Add the ability to access binding through tcpJosé Bollo3-0/+6
This commit introduce "tcp", a new type of provided/required api. It appears in the config.xml as below: <urn:AGL:widget:provided-api> <param "name"="HOST:PORT/API" "value"="tcp"> <urn:AGL:widget:required-api> <param "name"="HOST:PORT/API" "value"="tcp"> This implementation is a draft. The service exposed can not start automatically. Use it with the permission urn:AGL:permission::system:run-by-default. Change-Id: Ic593f0d891692ca0c777c49057ec54c37fc55cc0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-10-05afm-unit.conf: force symbolic link on updateRomain Forlot3-3/+3
Forcing symbolic link update ensures that if the value changes the link will be overwriten. Otherwise the link always keeps the old path until a system reboot or a manual removal of the link file. Change-Id: Ib9d8f267a8665edd75ce04f77eb70c4b0a4b8e9f Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
2018-08-16Add the external binding featureflounder_5.99.3flounder/5.99.35.99.3José Bollo9-19/+118
This commit introduce two new features: <urn:AGL:widget:provided-binding> <param "name"="public-name" "value"="relative-path-to-the-binding"/> <urn:AGL:widget:required-binding> <param "name"="public-name" "value"="extern"> <param "name"="relative-path-to-the-binding" "value"="local"> TODO: manage security by setting correct Smack label to the exported files Bugs-AGL: SPEC-1439 Bugs-AGL: SPEC-1663 Change-Id: I70aad7d523ece7a2ae0058b79708a02ef81144e2 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-07-19Creates systemd service for APIsJosé Bollo7-43/+142
Before this change, APIs were only provided as binder's exported websockets. This forbade ability to use symbolic links. Allowing links is interesting for having platform sockets and for linked api (not using socket). The API afm-main is a platform API. It must run at system level and must be available for all user clients. To achieve it, we use a link. Bug-AGL: SPEC-1592 Change-Id: I8753f83373755eb7fc2d2cc50251b8f738b61b03 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-05-24afm-system-daemon.service: Fix a typoJosé Bollo1-1/+1
Change-Id: If9dcd49edad5a34ea9c7bdfcba7d7bc44bbafbeb Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28Refactor user session managementJosé Bollo9-15/+70
Change-Id: Ib6ba886df110d8a23e3760e1818263ec757b9c7c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28provided.inc: Fix smack label of socketsJosé Bollo3-6/+6
Change-Id: I53d3cac7136e4d169acd8e3e3de5ea8439dd0192 Signed-off-by: José Bollo <jose.bollo@iot.bzh>