From 7d50de9020901a843095568462a23b4a1ae5f6c3 Mon Sep 17 00:00:00 2001
From: Jose Bollo
Date: Wed, 22 Jan 2020 18:27:58 +0100
Subject: Improve setup for solving access issues

While developping the binding afb-test, the export of the binding afm-test, using "provided-binding" feature reavealed to be broken because of security setup.

Bug-AGL: SPEC-2795
Change-Id: Ifc11a8b6a0f20b25d34a8f6b2f81f4c8b5f98238
Signed-off-by: Jose Bollo
---
 conf/system/afm-system-setup.sh.in | 18 +++++++-------
 conf/system/afm-user-setup.sh.in | 48 +++++++++++++++++---------------------
 2 files changed, 29 insertions(+), 37 deletions(-)

diff --git a/conf/system/afm-system-setup.sh.in b/conf/system/afm-system-setup.sh.in
index b7a3c5d..f70a530 100644
--- a/conf/system/afm-system-setup.sh.in
+++ b/conf/system/afm-system-setup.sh.in
@@ -3,22 +3,20 @@
 pdir=@afm_platform_rundir@
 dodir() {
- if ! test -e $1; then
- mkdir -m 755 $1
- chsmack -a '*' -T $1
- fi
+ for x; do
+ test -e "$x" || mkdir -m 755 "$x"
+ chmod 755 "$x"
+ chsmack -T -a 'System::Shared' "$x"
+ done
 }
-dodir $pdir
-dodir $pdir/display
-dodir $pdir/apis
-dodir $pdir/apis/ws
-dodir $pdir/apis/link
+dodir $pdir $pdir/display $pdir/apis $pdir/apis/ws $pdir/apis/link
+
 @create_platform_debug@
 spdir=@afm_scope_platform_dir@
 if ! test -e $spdir; then
 mkdir -m 755 $spdir
- chsmack -a '*' -T $spdir
+ chsmack -T -a 'User::App-Shared' $spdir
 chown daemon:daemon $spdir
 fi
diff --git a/conf/system/afm-user-setup.sh.in b/conf/system/afm-user-setup.sh.in
index 058420d..e1c1070 100644
--- a/conf/system/afm-user-setup.sh.in
+++ b/conf/system/afm-user-setup.sh.in
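Review bot: In conf/system/afm-system-setup.sh.in the `spdir` block at the end of the hunk still sets its Smack label only inside `if ! test -e $spdir`, so a directory that already exists keeps the previous `'*'` label and never receives `User::App-Shared`, while the rewritten `dodir` relabels on every run. If the scope platform directory can survive between runs (not visible here), the access change does not reach it. Consider `test -e "$spdir" || mkdir -m 755 "$spdir"` followed by an unconditional `chsmack -T -a 'User::App-Shared' "$spdir"` and `chown daemon:daemon "$spdir"`. The same quoting would help the `dodir $pdir ...` call, and `x` in this `dodir` is a global, whereas the user script in the same commit declares it `local`.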
@@ -1,36 +1,30 @@
 #!/bin/sh
-uid=$1
-udir=/run/user/$uid
-
-dodir_star() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a '*' $1
-}
-
-dodir_star $udir
-dodir_star $udir/apis
-dodir_star $udir/apis/ws
-dodir_star $udir/apis/link
-
-dodir_usrshr() {
- if ! test -e $1; then
- mkdir -m 700 $1
- chown $uid:$uid $1
- fi
- chsmack -a User::App-Shared -t $1
+uid="$1"
+bdir=/run/user
+udir="$bdir/$uid"
+
+dodir() {
+ local x smackset="$1"
+ shift
+ for x; do
+ test -e "$x" || mkdir -m 700 "$x"
+ chmod 700 "$x"
+ chown "$uid:$uid" "$x"
+ chsmack $smackset "$x"
+ done
 }
-dodir_usrshr $udir/usrshr
+dodir '-T -a User::App-Shared' "$bdir" "$udir"
+dodir '-t -a User::App-Shared' "$udir/usrshr"
+dodir '-T -a System::Shared' "$udir/apis"
+dodir '-t -a System::Shared' "$udir/apis/ws" "$udir/apis/link"
 doln() {
- if ! test -e $2; then
- ln -sf $1 $2
- chown -h $uid:$uid $2
- chsmack -a '*' $2
+ if ! test -e "$2"; then
+ ln -sf "$1" "$2"
+ chown -h "$uid:$uid" "$2"
+ chsmack -a 'System::Shared' "$2"
 fi
 }
--
cgit 1.2.3-korg
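Review bot: The first call, `dodir '-T -a User::App-Shared' "$bdir" "$udir"`, runs `chmod 700` and `chown "$uid:$uid"` on `/run/user` itself and not only on the per-user directory; the removed code never touched that parent. If `/run/user` is shared by several users, each run hands it to the latest uid, shuts the others out, and gives that owner control over sibling entries. Label the parent separately, e.g. `chsmack -T -a User::App-Shared "$bdir"`, and keep `dodir` for `"$udir"` and below. Also, `chmod` and `chown` now run on paths that already exist inside the user-owned `$udir`, and both follow symlinks, so (assuming the script runs privileged) the loop should skip anything that is not a real directory, e.g. `[ -d "$x" ] && [ ! -L "$x" ] || continue`, and use `chown -h`. `uid="$1"` is used unchecked; an empty or non-numeric argument should be rejected before any path is built from it.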