Enforce separation of users using UMASK

[AGL/meta-agl.git] / meta-app-framework / recipes-core / base-files / base-files_%.bbappend

diff --git a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
index 636bcc4..1dddcd6 100644 (file)
--- a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
@@ -1,19 +1,21 @@
-RDEPENDS_${PN}_append_smack = " smack-userspace"
-PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native"
+RDEPENDS_${PN}_append_with-lsm-smack = " smack"
+PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
 
 do_install_append() {
-    install -d ${D}/${sysconfdir}/skel/app-data
-    install -d ${D}/${sysconfdir}/skel/.config
+    install -m 0700 -d ${D}/${sysconfdir}/skel
+    chmod -R 0700 ${D}/${sysconfdir}/skel
+    install -m 0700 -d ${D}/${sysconfdir}/skel/app-data
+    install -m 0700 -d ${D}/${sysconfdir}/skel/.config
     install -m 0755 -d ${D}/var
     if [ -d ${D}/usr/local ]; then
         mv ${D}/usr/local ${D}/var
     else
         install -m 0755 -d ${D}/var/local
     fi
-    ln -s ../../var/local ${D}/usr/local
+    ln -s ../var/local ${D}/usr/local
 }
 
-do_install_append_smack () {
+do_install_append_with-lsm-smack () {
     install -d ${D}/${sysconfdir}/smack/accesses.d
     cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF
 System User::App-Shared rwxat
@@ -22,7 +24,7 @@ EOF
     chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user
 }
 
-pkg_postinst_${PN}_append_smack() {
+pkg_postinst_${PN}_append_with-lsm-smack() {
     chsmack -r -a 'User::Home' -t -D $D/${sysconfdir}/skel
     chsmack -a 'User::App-Shared' -D $D/${sysconfdir}/skel/app-data
     cp -rTf --preserve=all $D/${sysconfdir}/skel $D/${ROOT_HOME}