From 653562e1449c935f087d2d8265081eeac1cd73b4 Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Tue, 3 Dec 2019 15:04:02 +0100
Subject: Introduce localuser interface for applications
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This change makes use of the nss-localuser hostname
family (see https://git.automotivelinux.org/src/nss-localuser/)
to separate applications and users, each running on its
own IP address and hostname.

The intended behaviour is to use existing browser policy to
ensure privacy of applications and users.

Bug-AGL: SPEC-2968

Change-Id: Ie1a3c7331fd43e8747afae2cd338df461bac1454
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 conf/unit/binder.inc | 4 +++-
 conf/unit/macros.inc | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/conf/unit/binder.inc b/conf/unit/binder.inc
index ba5049e..81758fc 100644
--- a/conf/unit/binder.inc
+++ b/conf/unit/binder.inc
@@ -18,12 +18,14 @@ IF_AGL_DEVEL \
 	--verbose \
 	--monitoring \
 	--port={{:#metatarget.http-port}} \
+	--interface=tcp:LOCALUSERAPP:8080 \
 	--roothttp=ON_CONTENT(application/vnd.agl.service, ., ON_PERM(:public:no-htdocs, ., htdocs)) \
 ELSE \
 	IF_CONTENT(application/vnd.agl.service) \
 		--no-httpd \
 	ELSE \
 		--port={{:#metatarget.http-port}} \
+		--interface=tcp:LOCALUSERAPP:8080 \
 		--roothttp=ON_PERM(:public:no-htdocs, ., htdocs) \
 	ENDIF \
 ENDIF \
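Review bot: The added `--interface=tcp:LOCALUSERAPP:8080` sits next to the existing `--port={{:#metatarget.http-port}}` in both branches, so the binder may keep its previous HTTP listener in addition to the per-application address. Whether `--port` still opens a listener when `--interface` is given is not visible in this hunk. If it does, and that port is reachable on a shared address, the per-application hostname no longer isolates the service, so either drop `--port` here or record why both are needed. The literal `8080` is also repeated in the `--exec /usr/bin/web-runtime` line of the next hunk; defining the port once as a macro in macros.inc would keep the listener and the launched URL from drifting apart.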
@@ -45,6 +47,6 @@ ENDIF \
 		ON_VALUE(tcp,		--ws-server=tcp:{{name}}) \
 	{{/provided-api}} \
 	ON_PERM(:platform:apis:auto-ws, --auto-api=API_PATH_WS) \
-	ON_CONTENT(text/html,			--exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t) \
+	ON_CONTENT(text/html,			--exec /usr/bin/web-runtime http://LOCALUSERAPP:8080/{{content.src}}) \
 	ON_CONTENT(application/vnd.agl.native,	--exec {{:#metadata.install-dir}}/{{content.src}} @p @t)
 %nl
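Review bot: The `text/html` launch line no longer passes `?token=@t`, while the `application/vnd.agl.native` line below still receives `@p @t`, and nothing in this hunk shows what replaces the token as the credential for web applications. Keeping the token out of the URL is reasonable, but the binder options that decide whether a token is still required lie outside the hunk. If the token is no longer checked, access control rests entirely on who can connect to the LOCALUSERAPP address. The commit message should state that assumption, and the token settings of the binder should be confirmed to match it. The URL also stays plain `http://`, which is acceptable only if the localuser address is never reachable from off the device.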
diff --git a/conf/unit/macros.inc b/conf/unit/macros.inc
index f21dee5..2fc9bc5 100644
--- a/conf/unit/macros.inc
+++ b/conf/unit/macros.inc
@@ -76,6 +76,7 @@ define( `USER_API_PATH', `USER_RUN_DIR/apis')
 define( `USER_API_PATH_WS', `USER_API_PATH/ws')
 define( `USER_API_PATH_LINK', `USER_API_PATH/link')
 
+define( `LOCALUSERAPP', `ON_PERM(`:partner:scope-platform', `localuser---AFID', `localuser--AFID')')
 --------------------------------------------------------------------------------
 -- AGL_DEVEL SPECIFIC PARTS
 --------------------------------------------------------------------------------
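Review bot: The two expansions of `LOCALUSERAPP` differ by a single dash (`localuser---AFID` under `:partner:scope-platform`, `localuser--AFID` otherwise) and the define carries no comment, so a one-character typo would silently move an application into the other hostname family. A comment above the define in the file's `--` style would help, for example `-- LOCALUSERAPP: nss-localuser hostname the application is served on; platform-scope applications use the three-dash form`, with the meaning of each form checked against the nss-localuser documentation. `AFID` is not defined in the visible context, so this assumes it is expanded elsewhere in macros.inc.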
-- 