From 581f99c340d6b697b3b503df683e4bdeb59736d1 Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Tue, 26 Nov 2019 21:27:44 +0100
Subject: wgtpkg-install: Add default permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Only one default permission is used now: "urn:AGL:token:valid" that is used to check token validity. This adds in the cynagora database the rule SMACKID * * urn:AGL:token:valid yes forever That means that applications having a smack label installed by the framework behave as if they have a valid token, a token without any scope/permission but just valid. This is needed during the transition to token based permission policy.
Bug-AGL: SPEC-2968
Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo
---
 src/wgtpkg-install.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
 static uint32_t *port_bits = NULL;
+static const char *default_permissions[] = {
+ "urn:AGL:token:valid"
+};
+
 /*
 * normalize unit files: remove comments, remove heading blanks,
 * make single lines
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
 perm = next_usable_permission();
 }
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
 rc = secmgr_install();
 return rc;
 error2:
--
cgit 1.2.3-korg
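Review bot: `default_permissions` in the first hunk is declared `static const char *[]`, so the string contents are const but the pointer slots of the array remain writable. Because this table decides which permission is granted to every installed widget, it should be fully read-only: `static const char *const default_permissions[] = {`. A one-line comment above it stating that each entry is permitted for every application label at install time, independent of what the widget requests, would make the security effect visible where the table is edited.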
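Review bot: The comment `/* install default permissions */` in the second hunk understates what the added loop in install_security() does: per the commit message, every framework-labelled application then passes the `urn:AGL:token:valid` check with a rule that lasts `forever`, and nothing in the code marks this as transitional. I would spell that out and tie it to the tracking issue, e.g. `/* transitional (SPEC-2968): every installed app is treated as holding a valid token; remove once token-based policy is enforced */`. Separately, a failed `secmgr_permit()` is only reported through `INFO(...)` with the text "FAILED!", which is easy to lose at normal log levels; if the file has an error-level logging macro (not visible in this hunk), use it on the `rc != 0` path before `goto error2`. The function begins above the hunk and the `error2:` handler continues below it, so whether permissions already granted are rolled back on failure cannot be confirmed from here.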