From 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd Mon Sep 17 00:00:00 2001
From: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>
Date: Mon, 30 Mar 2020 09:24:26 +0900
Subject: agl-basesystem

---
 .../af-binder/af-binder-devtools-native_git.bb     |   8 +
 .../recipes-core/af-binder/af-binder_git.bb        | 117 ++++++++++++
 .../recipes-core/af-binder/af-binder_git.inc       |  22 +++
 .../af-binder/nativesdk-af-binder-devtools_git.bb  |   8 +
 .../af-main/Hack-to-allow-the-debugging.patch      |  29 +++
 .../recipes-core/af-main/af-main_git.bb            | 127 +++++++++++++
 .../recipes-core/af-main/af-main_git.inc           |  25 +++
 .../recipes-core/af-main/nativesdk-af-main_git.bb  |  27 +++
 .../af-platform-setup/af-platform-setup_1.0.bb     |  16 ++
 .../af-platform-setup/files/udev-shared.conf       |   4 +
 .../recipes-core/base-files/base-files_%.bbappend  |  32 ++++
 .../nss-localuser/nss-localuser_0.1.bb             |  37 ++++
 .../nativesdk-packagegroup-sdk-host.bbappend       |   2 +
 .../packagegroup-agl-app-framework-examples.bb     |  14 ++
 .../packagegroup-agl-app-framework.bb              |  20 +++
 .../security-manager/0001-Adapt-rules-to-AGL.patch |  50 ++++++
 .../0001-Fix-Cmake-conf-for-gcc6-build.patch       |  40 +++++
 .../security-manager/0001-Fix-gcc6-build.patch     |  38 ++++
 ...uires-include-functional-for-std-function.patch |  51 ++++++
 .../Removing-tizen-platform-config.patch           | 196 +++++++++++++++++++++
 .../init-security-manager-db.service               |  15 ++
 .../security-manager/init-security-manager-db.sh   |   6 +
 .../security-manager/security-manager_%.bbappend   |  25 +++
 .../recipes-core/shadow/shadow_%.bbappend          |   6 +
 .../systemd-sync/systemd-agl-sync_1.0.bb           |  39 ++++
 25 files changed, 954 insertions(+)
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-binder/af-binder-devtools-native_git.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.inc
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-binder/nativesdk-af-binder-devtools_git.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.inc
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-platform-setup/af-platform-setup_1.0.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/af-platform-setup/files/udev-shared.conf
 create mode 100644 meta-agl/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
 create mode 100644 meta-agl/meta-app-framework/recipes-core/nss-localuser/nss-localuser_0.1.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend
 create mode 100644 meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
 create mode 100644 meta-agl/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
 create mode 100644 meta-agl/meta-app-framework/recipes-core/shadow/shadow_%.bbappend
 create mode 100644 meta-agl/meta-app-framework/recipes-core/systemd-sync/systemd-agl-sync_1.0.bb

(limited to 'meta-agl/meta-app-framework/recipes-core')

diff --git a/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder-devtools-native_git.bb b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder-devtools-native_git.bb
new file mode 100644
index 00000000..70dafb38
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder-devtools-native_git.bb
@@ -0,0 +1,8 @@
+require af-binder_${PV}.inc
+
+DEPENDS = "json-c-native"
+
+inherit cmake pkgconfig native
+
+EXTRA_OECMAKE_append = " -DONLY_DEVTOOLS=TRUE"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.bb b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.bb
new file mode 100644
index 00000000..cf20e25a
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.bb
@@ -0,0 +1,117 @@
+require af-binder_${PV}.inc
+
+DEPENDS = "file json-c libmicrohttpd systemd util-linux openssl cynara"
+
+inherit cmake pkgconfig
+
+EXTRA_OECMAKE_append_class-target = "\
+	-DUNITDIR_SYSTEM=${systemd_system_unitdir} \
+"
+
+EXTRA_OECMAKE_append_agl-devel = " \
+	-DAGL_DEVEL=ON \
+	-DINCLUDE_MONITORING=ON \
+	-DINCLUDE_SUPERVISOR=ON -DAFS_SUPERVISION_SOCKET=/run/platform/supervisor \
+"
+
+pkg_postinst_${PN}() {
+	mkdir -p "$D${libdir}/afb"
+}
+
+do_install_append_agl-devel_class-target() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d -m 0755 ${D}${systemd_system_unitdir}/multi-user.target.wants
+        ln -s ../afm-api-supervisor.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-api-supervisor.service
+    fi
+}
+
+#############################################
+# main package
+#############################################
+
+FILES_${PN}_append_agl-devel = " ${libdir}/afb/monitoring ${systemd_system_unitdir}"
+
+RDEPENDS_${PN}-dev += "libafbwsc-dev"
+
+#############################################
+# intrinsic binding packages
+#############################################
+PACKAGES =+ "${PN}-intrinsic-bindings"
+ALLOW_EMPTY_${PN}-intrinsic-bindings = "1"
+
+PACKAGES_DYNAMIC = "${PN}-binding-*"
+
+python populate_packages_prepend () {
+    afb_libdir = d.expand('${libdir}/afb')
+    postinst = d.getVar('binding_postinst', True)
+    pkgs = []
+
+    pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}'))
+    pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}'))
+
+    d.setVar('RDEPENDS_' + d.getVar('PN', True) + '-intrinsic-bindings', ' '.join(pkgs))
+}
+
+#############################################
+# tool package
+#############################################
+PACKAGES =+ "${PN}-tools"
+
+FILES_${PN}-tools = "\
+	${bindir}/afb-client-demo \
+"
+
+#############################################
+# setup libafbwsc package
+#############################################
+PACKAGES =+ "libafbwsc libafbwsc-dev"
+
+FILES_libafbwsc = "\
+	${libdir}/libafbwsc.so.* \
+"
+FILES_libafbwsc-dev = "\
+	${includedir}/afb/afb-wsj1.h \
+	${includedir}/afb/afb-ws-client.h \
+	${libdir}/libafbwsc.so \
+	${libdir}/pkgconfig/libafbwsc.pc \
+"
+
+#############################################
+# devtool package
+#############################################
+PACKAGES =+ "${PN}-devtools"
+
+FILES_${PN}-devtools = "\
+	${bindir}/afb-exprefs \
+	${bindir}/afb-json2c \
+	${bindir}/afb-genskel \
+"
+
+#############################################
+# supervisor package
+#############################################
+PACKAGES_append_agl-devel = " ${PN}-supervisor "
+
+FILES_${PN}-supervisor_agl-devel = "\
+	${bindir}/afs-supervisor \
+        ${systemd_system_unitdir} \
+"
+
+#############################################
+# setup sample packages
+#############################################
+PACKAGES =+ "${PN}-samples"
+
+FILES_${PN}-samples = "\
+	${datadir}/af-binder \
+"
+
+#############################################
+# meta package
+#############################################
+PACKAGES =+ "${PN}-meta"
+ALLOW_EMPTY_${PN}-meta = "1"
+
+RDEPENDS_${PN}-meta += "${PN} ${PN}-tools libafbwsc ${PN}-intrinsic-bindings"
+RDEPENDS_${PN}-meta_append_agl-devel = " ${PN}-supervisor "
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.inc b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.inc
new file mode 100644
index 00000000..1077e558
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-binder/af-binder_git.inc
@@ -0,0 +1,22 @@
+SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support"
+DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \
+interface to various automotive-oriented bindings, \
+allowing HTML5 UIs to send platform-specific requests in a secure way."
+
+HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=${AGL_BRANCH}"
+
+SRCREV = "99ad30bf29c683da833efeac42d8f178b6d2ca8c"
+PV = "${AGL_BRANCH}+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+CFLAGS_append_agl-devel = " -DAGL_DEVEL"
+
+EXTRA_OECMAKE_append = "\
+	-DAGLVERSION=${AGLVERSION} \
+"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-binder/nativesdk-af-binder-devtools_git.bb b/meta-agl/meta-app-framework/recipes-core/af-binder/nativesdk-af-binder-devtools_git.bb
new file mode 100644
index 00000000..3223dd05
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-binder/nativesdk-af-binder-devtools_git.bb
@@ -0,0 +1,8 @@
+require af-binder_${PV}.inc
+
+DEPENDS = "nativesdk-json-c"
+
+inherit cmake pkgconfig nativesdk
+
+EXTRA_OECMAKE_append = " -DONLY_DEVTOOLS=TRUE"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-agl/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
new file mode 100644
index 00000000..14a26fbe
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
@@ -0,0 +1,29 @@
+From a4fbfb88f1b7c4f4287d9279767220fae80d26da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Thu, 21 Jan 2016 15:07:29 +0100
+Subject: [PATCH] Hack to allow the debugging
+
+This is a temporarily fix to continue debugging
+afm-main. This should be removed later.
+
+Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa
+---
+ conf/afm-user-daemon.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/conf/user/afm-user-daemon.conf b/conf/user/afm-user-daemon.conf
+index 801c7ae..98a3152 100644
+--- a/conf/user/afm-user-daemon.conf
++++ b/conf/user/afm-user-daemon.conf
+@@ -25,7 +25,7 @@
+         </policy>
+ 
+         <policy context="default">
+-                <deny own="org.AGL.afm.user"/>
++                <allow own="org.AGL.afm.user"/>
+                 <allow send_destination="org.AGL.afm.system"/>
+         </policy>
+ 
+-- 
+2.1.4
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.bb b/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.bb
new file mode 100644
index 00000000..4a565453
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.bb
@@ -0,0 +1,127 @@
+require af-main_${PV}.inc 
+
+# NOTE: using libcap-native and setcap in install doesn't work
+# NOTE: maybe setting afm_name to agl-framework is cleaner but has implications
+# NOTE: there is a hack of security for using groups and dbus (to be checked)
+# NOTE: using ZIP programs creates directories with mode 777 (very bad)
+
+inherit cmake pkgconfig useradd systemd
+BBCLASSEXTEND = "native"
+
+SECTION = "base"
+
+DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager af-binder sed m4"
+DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c"
+RDEPENDS_${PN}_class-target += "af-binder-tools"
+
+PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native libcap-native"
+
+EXTRA_OECMAKE_class-native  = "\
+	-DUSE_LIBZIP=1 \
+	-DUSE_SIMULATION=1 \
+	-DUSE_SDK=1 \
+	-DAGLVERSION=${AGLVERSION} \
+	-Dafm_name=${afm_name} \
+	-Dafm_confdir=${afm_confdir} \
+	-Dafm_datadir=${afm_datadir} \
+"
+
+EXTRA_OECMAKE = "\
+	-DUSE_LIBZIP=1 \
+	-DUSE_SIMULATION=0 \
+	-DUSE_SDK=0 \
+	-DAGLVERSION=${AGLVERSION} \
+	-Dafm_name=${afm_name} \
+	-Dafm_confdir=${afm_confdir} \
+	-Dafm_datadir=${afm_datadir} \
+	-Dsystemd_units_root=${systemd_units_root} \
+	-DUNITDIR_USER=${systemd_user_unitdir} \
+	-DUNITDIR_SYSTEM=${systemd_system_unitdir} \
+"
+
+# ------------------------ WARNING WARNING WARNNING ---------------------------
+#
+# ATM (FF.rc2), forcing all apps to be signed is an issue when building without
+# agl-devel feature. A workaround is to define ALLOW_NO_SIGNATURE=ON for all
+# builds but this must be removed later. See SPEC-1614 for more details.
+#
+# A variable AGL_FORBID_UNSIGNED_APPS is introduced to enable/disable this 
+# workaround in local.conf and allow transition to signed apps:
+# * forbid unsigned apps by setting: AGL_FORBID_UNSIGNED_APPS="1"
+# * [DEFAULT] allow unsigned apps: do nothing (or set: AGL_FORBID_UNSIGNED_APPS="0")
+AGL_FORBID_UNSIGNED_APPS ?= "0"
+#
+# WORKAROUND:
+EXTRA_OECMAKE_append_agl-devel = " -DAGL_DEVEL=1"
+EXTRA_OECMAKE_append = " ${@bb.utils.contains('AGL_FORBID_UNSIGNED_APPS','1','','-DALLOW_NO_SIGNATURE=ON', d)}"
+#
+# Correct version (IMPORTANT TODO: to be restored later):
+#EXTRA_OECMAKE_append_agl-devel = " -DAGL_DEVEL=1 -DALLOW_NO_SIGNATURE=ON"
+#
+# ------------------------ WARNING WARNING WARNNING ---------------------------
+
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --gid ${afm_name} --home-dir ${afm_datadir} ${afm_name}"
+GROUPADD_PARAM_${PN} = "--system ${afm_name}"
+
+RDEPENDS_${PN}_append_with-lsm-smack = " smack bash"
+DEPENDS_append_with-lsm-smack = " smack-native"
+
+# short hacks here
+SRC_URI += "\
+	file://Hack-to-allow-the-debugging.patch \
+"
+
+do_install_append_class-target() {
+    install -d ${D}${bindir}
+    install -d -m 0775 ${D}${systemd_units_root}/system
+    install -d -m 0775 "${D}${systemd_units_root}/system/multi-user.target.wants"
+    install -d -m 0775 "${D}${systemd_units_root}/system/afm-user-session@.target.wants"
+    install -d -m 0775 ${D}${systemd_units_root}/user
+    install -d -m 0775 ${D}${systemd_units_root}/user/default.target.wants
+    install -d -m 0775 ${D}${systemd_units_root}/user/sockets.target.wants
+    install -d ${D}${afm_datadir}/applications
+    install -d ${D}${afm_datadir}/icons
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d -m 0755 ${D}${systemd_system_unitdir}/multi-user.target.wants
+        install -d -m 0755 ${D}${systemd_system_unitdir}/sockets.target.wants
+        ln -sf ../afm-system-setup.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-system-setup.service
+        ln -sf ../afm-system-daemon.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-system-daemon.service
+        ln -sf ../afm-system-daemon.socket ${D}${systemd_system_unitdir}/sockets.target.wants/afm-system-daemon.socket
+    fi
+    echo "QT_WAYLAND_SHELL_INTEGRATION=ivi-shell" > ${D}${afm_confdir}/unit.env.d/qt-for-ivi-shell
+}
+
+pkg_postinst_ontarget_${PN}() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        chgrp ${afm_name} $D${systemd_units_root}/system
+        chgrp ${afm_name} $D${systemd_units_root}/system/afm-user-session@.target.wants
+        chgrp ${afm_name} $D${systemd_units_root}/user/default.target.wants
+        chgrp ${afm_name} $D${systemd_units_root}/user/sockets.target.wants
+    fi
+    chown ${afm_name}:${afm_name} $D${afm_datadir}
+    chown ${afm_name}:${afm_name} $D${afm_datadir}/applications
+    chown ${afm_name}:${afm_name} $D${afm_datadir}/icons
+}
+
+pkg_postinst_ontarget_${PN}_append_with-lsm-smack() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/default.target.wants
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/sockets.target.wants
+    fi
+    chsmack -a 'System::Shared' -t $D${afm_datadir}
+    chsmack -a 'System::Shared' -t $D${afm_datadir}/applications
+    chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
+}
+FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
+
+PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
+FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
+FILES_${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so "
+
+PACKAGES =+ "${PN}-tools ${PN}-tools-dbg"
+FILES_${PN}-tools = "${bindir}/wgtpkg-*"
+FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
diff --git a/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.inc b/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.inc
new file mode 100644
index 00000000..6795da2a
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-main/af-main_git.inc
@@ -0,0 +1,25 @@
+SUMMARY = "AGL Framework Main part"
+DESCRIPTION = "\
+This is a core framework component for managing \
+applications, widgets, and components. \
+"
+
+HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
+
+SRCREV = "533d5a1a51a07f2f92e508d113cb49d373e1bad8"
+PV = "${AGL_BRANCH}+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+afm_name    = "afm"
+afm_confdir = "${sysconfdir}/${afm_name}"
+afm_datadir = "/var/local/lib/${afm_name}"
+afb_binding_dir = "${libdir}/afb"
+systemd_units_root = "/var/local/lib/systemd"
+
+CFLAGS_append_agl-devel = " -DAGL_DEVEL"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb b/meta-agl/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
new file mode 100644
index 00000000..759c893c
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-main/nativesdk-af-main_git.bb
@@ -0,0 +1,27 @@
+require af-main_${PV}.inc 
+
+inherit nativesdk cmake pkgconfig 
+
+SECTION = "base"
+
+DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c"
+
+EXTRA_OECMAKE = "\
+	-DUSE_LIBZIP=1 \
+	-DUSE_SIMULATION=1 \
+	-DUSE_SDK=1 \
+	-DAGLVERSION=${AGLVERSION} \
+	-Dafm_name=${afm_name} \
+	-Dafm_confdir=${afm_confdir} \
+	-Dafm_datadir=${afm_datadir} \
+"
+
+do_install_append() {
+    # remove unused .pc file we don't want to package
+	rm -rf ${D}/${libdir}
+}
+
+PACKAGES = "${PN}-tools ${PN}-tools-dbg"
+FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*"
+FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/af-platform-setup/af-platform-setup_1.0.bb b/meta-agl/meta-app-framework/recipes-core/af-platform-setup/af-platform-setup_1.0.bb
new file mode 100644
index 00000000..eb473cd1
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-platform-setup/af-platform-setup_1.0.bb
@@ -0,0 +1,16 @@
+HOMEPAGE = "here"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+SRC_URI = "file://udev-shared.conf"
+
+S = "${WORKDIR}"
+
+do_install() {
+	d=${D}${systemd_system_unitdir}/systemd-udevd.service.d
+	install -d $d
+	install -m 0644 ${S}/udev-shared.conf $d
+}
+
+FILES_${PN} = "${systemd_system_unitdir}"
diff --git a/meta-agl/meta-app-framework/recipes-core/af-platform-setup/files/udev-shared.conf b/meta-agl/meta-app-framework/recipes-core/af-platform-setup/files/udev-shared.conf
new file mode 100644
index 00000000..cce02bc5
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/af-platform-setup/files/udev-shared.conf
@@ -0,0 +1,4 @@
+[Service]
+ExecStartPre=/bin/mkdir -p /run/udev
+ExecStartPre=/usr/bin/chsmack -r -a System::Shared -t /run/udev
+
diff --git a/meta-agl/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-agl/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
new file mode 100644
index 00000000..1dddcd6f
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
@@ -0,0 +1,32 @@
+RDEPENDS_${PN}_append_with-lsm-smack = " smack"
+PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
+
+do_install_append() {
+    install -m 0700 -d ${D}/${sysconfdir}/skel
+    chmod -R 0700 ${D}/${sysconfdir}/skel
+    install -m 0700 -d ${D}/${sysconfdir}/skel/app-data
+    install -m 0700 -d ${D}/${sysconfdir}/skel/.config
+    install -m 0755 -d ${D}/var
+    if [ -d ${D}/usr/local ]; then
+        mv ${D}/usr/local ${D}/var
+    else
+        install -m 0755 -d ${D}/var/local
+    fi
+    ln -s ../var/local ${D}/usr/local
+}
+
+do_install_append_with-lsm-smack () {
+    install -d ${D}/${sysconfdir}/smack/accesses.d
+    cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF
+System User::App-Shared rwxat
+System User::Home       rwxat
+EOF
+    chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user
+}
+
+pkg_postinst_${PN}_append_with-lsm-smack() {
+    chsmack -r -a 'User::Home' -t -D $D/${sysconfdir}/skel
+    chsmack -a 'User::App-Shared' -D $D/${sysconfdir}/skel/app-data
+    cp -rTf --preserve=all $D/${sysconfdir}/skel $D/${ROOT_HOME}
+}
+
diff --git a/meta-agl/meta-app-framework/recipes-core/nss-localuser/nss-localuser_0.1.bb b/meta-agl/meta-app-framework/recipes-core/nss-localuser/nss-localuser_0.1.bb
new file mode 100644
index 00000000..148bc516
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/nss-localuser/nss-localuser_0.1.bb
@@ -0,0 +1,37 @@
+SUMMARY = "Name Service Switch module for resolving the local user hostname"
+
+DESCRIPTION = "plugin for the GNU Name Service Switch (NSS) \
+functionality of the GNU C Library (`glibc`) providing host name \
+resolution for *"localuser"* family of virtual hostnames."
+
+HOMEPAGE = "https://git.automotivelinux.org/src/nss-localuser/"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=79ad77111c398994735201536a4749ba"
+
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/nss-localuser;protocol=https;branch=${AGL_BRANCH}"
+SRCREV = "d2d9e83bd9bdc3a091d6b9f1ccaec012fba2f0f4"
+PV = "${AGL_BRANCH}+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+do_compile() {
+	make
+}
+
+do_install() {
+	make nssdir=${D}${libdir} install
+}
+
+pkg_postinst_${PN} () {
+	sed -e '/^hosts:/s/\<localuser\>\s*//' \
+		-e 's/\(^hosts:\s\s*\)\(.*\)/\1localuser \2/' \
+		-i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm_${PN} () {
+	sed -e '/^hosts:/s/\<localuser\>\s*//' \
+		-i $D${sysconfdir}/nsswitch.conf
+}
+
+INSANE_SKIP_${PN} = "ldflags"
diff --git a/meta-agl/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend b/meta-agl/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend
new file mode 100644
index 00000000..fc73e8f3
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend
@@ -0,0 +1,2 @@
+RDEPENDS_${PN} =+ "nativesdk-af-main-tools nativesdk-af-binder-devtools"
+
diff --git a/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb b/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb
new file mode 100644
index 00000000..7ba90916
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb
@@ -0,0 +1,14 @@
+SUMMARY = "AGL Application Framework examples"
+DESCRIPTION = "The set of examples associated to the AGL Application Framework"
+LICENSE = "MIT"
+
+inherit packagegroup
+
+PACKAGES = "\
+    packagegroup-agl-app-framework-examples \
+    "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} += "\
+    "
diff --git a/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb
new file mode 100644
index 00000000..854835d4
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb
@@ -0,0 +1,20 @@
+SUMMARY = "AGL Application Framework core packages"
+DESCRIPTION = "The set of packages required by the AGL Application Framework"
+LICENSE = "MIT"
+
+inherit packagegroup
+
+PACKAGES = "\
+    packagegroup-agl-app-framework \
+    "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} += "\
+	af-binder \
+	libafbwsc \
+	af-main \
+	nss-localuser \
+	systemd-agl-sync \
+	af-platform-setup \
+	"
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
new file mode 100644
index 00000000..4c91f7fa
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch
@@ -0,0 +1,50 @@
+From 935e4e4e746b5ffcda80c80097dc75c2581c1a89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Wed, 19 Oct 2016 13:45:54 +0200
+Subject: [PATCH] Adapt rules to AGL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git
+as basis for the integration of security framework. The security framework
+that it provides is an evolution of the security framework of tizen refited
+to the distribution Ostro of Intel. This refit took the decision to simplify
+the model by removing the running label "User". More can be viewed here:
+https://github.com/01org/meta-intel-iot-security/pull/116
+
+This commits adapt the template to the rules that are now needed
+after this evolution.
+
+It also integrates one other evolutions: the shared label becomes User::App-Shared instead
+of User::App::Shared to avoid collision with application of id "Shared".
+
+Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ policy/app-rules-template.smack | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
+index 1311169..b4cd2e3 100644
+--- a/policy/app-rules-template.smack
++++ b/policy/app-rules-template.smack
+@@ -1,12 +1,10 @@
+-System ~APP~ rwx
++System ~APP~ rwxa
++System ~PKG~ rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rx
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+-User ~APP~ rwxa
+-User ~PKG~ rwxat
+-~APP~ User wx
+ ~APP~ User::Home rxl
+-~APP~ User::App::Shared rwxat
++~APP~ User::App-Shared rwxat
+ ~APP~ ~PKG~ rwxat
+-- 
+2.7.4
+
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
new file mode 100644
index 00000000..43a3ee10
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
@@ -0,0 +1,40 @@
+From 19c99315a5dcba3b696c30d1fdd42a1dcd574a80 Mon Sep 17 00:00:00 2001
+From: Ronan <ronan.lemartret@iot.bzh>
+Date: Thu, 13 Oct 2016 11:37:47 +0200
+Subject: [PATCH] Fix Cmake conf for gcc6 build
+
+Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
+---
+ src/cmd/CMakeLists.txt    | 4 +---
+ src/server/CMakeLists.txt | 1 -
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt
+index ee9a160..aa7a12c 100644
+--- a/src/cmd/CMakeLists.txt
++++ b/src/cmd/CMakeLists.txt
+@@ -1,8 +1,6 @@
+ FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options)
+ 
+-INCLUDE_DIRECTORIES(SYSTEM
+-    ${Boost_INCLUDE_DIRS}
+-    )
++
+ 
+ INCLUDE_DIRECTORIES(
+     ${INCLUDE_PATH}
+diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
+index 753eb96..8eef25d 100644
+--- a/src/server/CMakeLists.txt
++++ b/src/server/CMakeLists.txt
+@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
+ 
+ INCLUDE_DIRECTORIES(SYSTEM
+     ${SERVER_DEP_INCLUDE_DIRS}
+-    ${Boost_INCLUDE_DIRS}
+     ${Threads_INCLUDE_DIRS}
+     )
+ 
+-- 
+2.6.6
+
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
new file mode 100644
index 00000000..1b3c8c42
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
@@ -0,0 +1,38 @@
+From cb9acc2b723b297ee373bf814282711f02657aa5 Mon Sep 17 00:00:00 2001
+From: Ronan <ronan.lemartret@iot.bzh>
+Date: Wed, 12 Oct 2016 17:48:55 +0200
+Subject: [PATCH] Fix gcc6 build
+
+Signed-off-by: ronan <ronan@ot.bzh>
+---
+ src/client/client-security-manager.cpp | 1 +
+ src/common/include/privilege_db.h      | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
+index 74a6b30..347cddd 100644
+--- a/src/client/client-security-manager.cpp
++++ b/src/client/client-security-manager.cpp
+@@ -46,6 +46,7 @@
+ #include <service_impl.h>
+ #include <security-manager.h>
+ #include <client-offline.h>
++#include <linux/xattr.h>
+
+ static const char *EMPTY = "";
+
+diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
+index 03c6680..8dd39a1 100644
+--- a/src/common/include/privilege_db.h
++++ b/src/common/include/privilege_db.h
+@@ -32,6 +32,7 @@
+ #include <map>
+ #include <stdbool.h>
+ #include <string>
++#include <vector>
+
+ #include <dpl/db/sql_connection.h>
+
+-- 
+2.6.6
+
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch
new file mode 100644
index 00000000..7b6845ab
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch
@@ -0,0 +1,51 @@
+From ed1c105db9d7b1ceb52ec16f35b0a2c959c19c6d Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Sun, 17 Dec 2017 15:40:58 +0000
+Subject: [PATCH] gcc-7 requires include <functional> for std::function
+
+Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
+---
+ src/client/client-common.cpp      | 1 +
+ src/common/smack-labels.cpp       | 1 +
+ src/dpl/core/src/binary_queue.cpp | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
+index 883ab8d..1babdf7 100644
+--- a/src/client/client-common.cpp
++++ b/src/client/client-common.cpp
+@@ -31,6 +31,7 @@
+ #include <sys/xattr.h>
+ #include <linux/xattr.h>
+ #include <unistd.h>
++#include <functional>
+ 
+ #include <dpl/log/log.h>
+ #include <dpl/serialization.h>
+diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
+index 0294a42..1598099 100644
+--- a/src/common/smack-labels.cpp
++++ b/src/common/smack-labels.cpp
+@@ -29,6 +29,7 @@
+ #include <sys/xattr.h>
+ #include <linux/xattr.h>
+ #include <memory>
++#include <functional>
+ #include <fts.h>
+ #include <cstring>
+ #include <string>
+diff --git a/src/dpl/core/src/binary_queue.cpp b/src/dpl/core/src/binary_queue.cpp
+index 72817a6..838409f 100644
+--- a/src/dpl/core/src/binary_queue.cpp
++++ b/src/dpl/core/src/binary_queue.cpp
+@@ -26,6 +26,7 @@
+ #include <malloc.h>
+ #include <cstring>
+ #include <new>
++#include <functional>
+ 
+ namespace SecurityManager {
+ BinaryQueue::BinaryQueue() :
+-- 
+2.7.4
+
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
new file mode 100644
index 00000000..bea3516d
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
@@ -0,0 +1,196 @@
+From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Mon, 16 Nov 2015 14:26:25 +0100
+Subject: [PATCH] Removing tizen-platform-config
+
+Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
+---
+ policy/security-manager-policy-reload |  2 +-
+ src/common/file-lock.cpp              |  4 +---
+ src/common/include/file-lock.h        |  1 -
+ src/common/include/privilege_db.h     |  3 +--
+ src/common/service_impl.cpp           | 39 +++++++++++------------------------
+ src/common/smack-rules.cpp            | 12 ++++-------
+ 6 files changed, 19 insertions(+), 42 deletions(-)
+
+diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
+index 6f211c6..ed8047a 100755
+--- a/policy/security-manager-policy-reload
++++ b/policy/security-manager-policy-reload
+@@ -2,7 +2,7 @@
+ 
+ POLICY_PATH=/usr/share/security-manager/policy
+ PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
+-DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
++DB_FILE=/var/local/db/security-manager/.security-manager.db
+ 
+ # Create default buckets
+ while read bucket default_policy
+diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
+index 6f3996c..1dada17 100644
+--- a/src/common/file-lock.cpp
++++ b/src/common/file-lock.cpp
+@@ -30,9 +30,7 @@
+ 
+ namespace SecurityManager {
+ 
+-char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
+-                                                         "lock",
+-                                                         "security-manager.lock");
++char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock";
+ 
+ FileLocker::FileLocker(const std::string &lockFile, bool blocking)
+ {
+diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
+index 604b019..21a86a0 100644
+--- a/src/common/include/file-lock.h
++++ b/src/common/include/file-lock.h
+@@ -29,7 +29,6 @@
+ 
+ #include <dpl/exception.h>
+ #include <dpl/noncopyable.h>
+-#include <tzplatform_config.h>
+ 
+ namespace SecurityManager {
+ 
+diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
+index 4d73d90..03c6680 100644
+--- a/src/common/include/privilege_db.h
++++ b/src/common/include/privilege_db.h
+@@ -34,14 +34,13 @@
+ #include <string>
+ 
+ #include <dpl/db/sql_connection.h>
+-#include <tzplatform_config.h>
+ 
+ #ifndef PRIVILEGE_DB_H_
+ #define PRIVILEGE_DB_H_
+ 
+ namespace SecurityManager {
+ 
+-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
++const char *const PRIVILEGE_DB_PATH = "/var/local/db/security-manager/.security-manager.db";
+ 
+ enum class QueryType {
+     EGetPkgPrivileges,
+diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
+index ae305d3..65cc8b5 100644
+--- a/src/common/service_impl.cpp
++++ b/src/common/service_impl.cpp
+@@ -32,7 +32,6 @@
+ #include <algorithm>
+ 
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+ 
+ #include "protocols.h"
+ #include "privilege_db.h"
+@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
+ 
+ static uid_t getGlobalUserId(void)
+ {
+-    static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
++    static uid_t globaluid = 0;
++    if (!globaluid) {
++        struct passwd pw, *p;
++        char buf[4096];
++        int rc = getpwnam_r("afm", &pw, buf, sizeof buf, &p);
++        globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
++    }
+     return globaluid;
+ }
+ 
+@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
+ 
+ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
+ {
+-    struct tzplatform_context *tz_ctx = nullptr;
+-
+-    if (tzplatform_context_create(&tz_ctx))
+-            return false;
+-
+-    if (tzplatform_context_set_user(tz_ctx, uid)) {
+-        tzplatform_context_destroy(tz_ctx);
+-        tz_ctx = nullptr;
++    struct passwd pw, *p;
++    char buf[4096];
++    int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
++    if (rc || p == NULL)
+         return false;
+-    }
+-
+-    enum tzplatform_variable id =
+-            (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
+-    const char *appDir = tzplatform_context_getenv(tz_ctx, id);
+-    if (!appDir) {
+-        tzplatform_context_destroy(tz_ctx);
+-        tz_ctx = nullptr;
+-        return false;
+-    }
+-
+-    userAppDir = appDir;
+-
+-    tzplatform_context_destroy(tz_ctx);
+-    tz_ctx = nullptr;
+-
++    userAppDir = p->pw_dir;
+     return true;
+ }
+ 
+ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
+ {
+-    std::string userHome;
+     std::string userAppDir;
+     std::stringstream correctPath;
+ 
+diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
+index d834e42..8b5728b 100644
+--- a/src/common/smack-rules.cpp
++++ b/src/common/smack-rules.cpp
+@@ -34,7 +34,6 @@
+ #include <memory>
+ 
+ #include <dpl/log/log.h>
+-#include <tzplatform_config.h>
+ 
+ #include "smack-labels.h"
+ #include "smack-rules.h"
+@@ -43,7 +42,7 @@ namespace SecurityManager {
+ 
+ const char *const SMACK_APP_LABEL_TEMPLATE     = "~APP~";
+ const char *const SMACK_PKG_LABEL_TEMPLATE     = "~PKG~";
+-const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
++const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack";
+ const char *const SMACK_APP_IN_PACKAGE_PERMS   = "rwxat";
+ 
+ SmackRules::SmackRules()
+@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
+ 
+ std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
+ {
+-    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
+-    return path;
++    return "/etc/smack/accesses.d/pkg_" + pkgId;
+ }
+ 
+ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
+ {
+-    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
+-    return path;
++    return "/etc/smack/accesses.d/app_" + appId;
+ }
+ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
+         const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
+@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
+     for (auto privilege : privileges) {
+         if (privilege.empty())
+             continue;
+-        std::string fprivilege ( privilege + "-template.smack");
+-        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
++        std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack";
+         if( stat(path.c_str(), &buffer) == 0) 
+             smackRules.addFromTemplateFile(appId, pkgId, path);
+     }
+-- 
+2.1.4
+
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
new file mode 100644
index 00000000..8ed5e860
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
@@ -0,0 +1,15 @@
+#
+# Install security-manager DB to /var
+
+[Unit]
+Description=Install Security Manager database
+After=sysinit.target
+Before=security-manager.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/bin/init-security-manager-db.sh
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
new file mode 100644
index 00000000..f90192a8
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ ! -e "/var/local/db/security-manager" ]; then
+	mkdir -p /var/local/db
+	cp -ra /usr/dbspace/ /var/local/db/security-manager
+fi
diff --git a/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
new file mode 100644
index 00000000..61c933a7
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
@@ -0,0 +1,25 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
+
+PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
+
+SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \
+	     file://init-security-manager-db.service \
+	     file://init-security-manager-db.sh \
+             file://0001-Fix-gcc6-build.patch \
+             file://0001-Fix-Cmake-conf-for-gcc6-build.patch \
+             file://0001-gcc-7-requires-include-functional-for-std-function.patch \
+"
+
+FILES_${PN}_append = "${bindir}/init-security-manager-db.sh \
+		      ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/init-security-manager-db.service', '', d)} \
+"
+
+do_install_append () {
+	install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+		mkdir -p ${D}${systemd_unitdir}/system
+		mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants
+		install -m 644 -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service
+		ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants
+	fi
+}
diff --git a/meta-agl/meta-app-framework/recipes-core/shadow/shadow_%.bbappend b/meta-agl/meta-app-framework/recipes-core/shadow/shadow_%.bbappend
new file mode 100644
index 00000000..4f594d47
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/shadow/shadow_%.bbappend
@@ -0,0 +1,6 @@
+
+do_install_append() {
+	sed -i '/^UMASK/s:^.*$:UMASK 077:' ${D}${sysconfdir}/login.defs
+}
+
+
diff --git a/meta-agl/meta-app-framework/recipes-core/systemd-sync/systemd-agl-sync_1.0.bb b/meta-agl/meta-app-framework/recipes-core/systemd-sync/systemd-agl-sync_1.0.bb
new file mode 100644
index 00000000..389ab242
--- /dev/null
+++ b/meta-agl/meta-app-framework/recipes-core/systemd-sync/systemd-agl-sync_1.0.bb
@@ -0,0 +1,39 @@
+SUMMARY = "Systemd synchronization script"
+DESCRIPTION = "\
+Systemd synchronization script \
+reload daemon at the first boot. \
+"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+#This script should be the last to be execute at the first boot
+POST_INSTALL_LEVEL = "X0"
+POST_INSTALL_SCRIPT ?= "${POST_INSTALL_LEVEL}-${PN}.sh"
+
+do_install() {
+    install -d ${D}/${sysconfdir}/agl-postinsts
+    cat > ${D}/${sysconfdir}/agl-postinsts/${POST_INSTALL_SCRIPT} <<EOF
+#!/bin/sh -e
+echo "restart daemon ..."
+result=0
+systemctl daemon-reload
+if [ \$? -ne 0 ]; then
+    result=1
+fi
+systemctl restart sockets.target
+if [ \$? -ne 0 ]; then
+    result=1
+fi
+
+if [ \$result -eq 0 ]; then
+    echo "restart daemon OK"
+    exit \$result
+else
+    echo "restart daemon failed"
+    exit \$result
+fi
+EOF
+    chmod a+x ${D}/${sysconfdir}/agl-postinsts/${POST_INSTALL_SCRIPT}
+}
+
+FILES_${PN} = "${sysconfdir}/agl-postinsts/${POST_INSTALL_SCRIPT}"
-- 
cgit 1.2.3-korg