security-manager: Improve integration

author José Bollo <jose.bollo@iot.bzh>

Tue, 26 Nov 2019 14:21:18 +0000 (15:21 +0100)

committer Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

Tue, 3 Dec 2019 16:44:27 +0000 (16:44 +0000)
author José Bollo <jose.bollo@iot.bzh>
Tue, 26 Nov 2019 14:21:18 +0000 (15:21 +0100)
committer Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tue, 3 Dec 2019 16:44:27 +0000 (16:44 +0000)
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch

deleted file mode 100644 (file)

index bea3516..0000000
--- a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch
+++ /dev/null
@@ -1,196 +0,0 @@
-From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Mon, 16 Nov 2015 14:26:25 +0100
-Subject: [PATCH] Removing tizen-platform-config
-
-Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
----
- policy/security-manager-policy-reload |  2 +-
- src/common/file-lock.cpp              |  4 +---
- src/common/include/file-lock.h        |  1 -
- src/common/include/privilege_db.h     |  3 +--
- src/common/service_impl.cpp           | 39 +++++++++++------------------------
- src/common/smack-rules.cpp            | 12 ++++-------
- 6 files changed, 19 insertions(+), 42 deletions(-)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 6f211c6..ed8047a 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -2,7 +2,7 @@
- 
- POLICY_PATH=/usr/share/security-manager/policy
- PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
--DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
-+DB_FILE=/var/local/db/security-manager/.security-manager.db
- 
- # Create default buckets
- while read bucket default_policy
-diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
-index 6f3996c..1dada17 100644
---- a/src/common/file-lock.cpp
-+++ b/src/common/file-lock.cpp
-@@ -30,9 +30,7 @@
- 
- namespace SecurityManager {
- 
--char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
--                                                         "lock",
--                                                         "security-manager.lock");
-+char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock";
- 
- FileLocker::FileLocker(const std::string &lockFile, bool blocking)
- {
-diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
-index 604b019..21a86a0 100644
---- a/src/common/include/file-lock.h
-+++ b/src/common/include/file-lock.h
-@@ -29,7 +29,6 @@
- 
- #include <dpl/exception.h>
- #include <dpl/noncopyable.h>
--#include <tzplatform_config.h>
- 
- namespace SecurityManager {
- 
-diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 4d73d90..03c6680 100644
---- a/src/common/include/privilege_db.h
-+++ b/src/common/include/privilege_db.h
-@@ -34,14 +34,13 @@
- #include <string>
- 
- #include <dpl/db/sql_connection.h>
--#include <tzplatform_config.h>
- 
- #ifndef PRIVILEGE_DB_H_
- #define PRIVILEGE_DB_H_
- 
- namespace SecurityManager {
- 
--const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-+const char *const PRIVILEGE_DB_PATH = "/var/local/db/security-manager/.security-manager.db";
- 
- enum class QueryType {
-     EGetPkgPrivileges,
-diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index ae305d3..65cc8b5 100644
---- a/src/common/service_impl.cpp
-+++ b/src/common/service_impl.cpp
-@@ -32,7 +32,6 @@
- #include <algorithm>
- 
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
- 
- #include "protocols.h"
- #include "privilege_db.h"
-@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
- 
- static uid_t getGlobalUserId(void)
- {
--    static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-+    static uid_t globaluid = 0;
-+    if (!globaluid) {
-+        struct passwd pw, *p;
-+        char buf[4096];
-+        int rc = getpwnam_r("afm", &pw, buf, sizeof buf, &p);
-+        globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
-+    }
-     return globaluid;
- }
- 
-@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir)
- 
- static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
- {
--    struct tzplatform_context *tz_ctx = nullptr;
--
--    if (tzplatform_context_create(&tz_ctx))
--            return false;
--
--    if (tzplatform_context_set_user(tz_ctx, uid)) {
--        tzplatform_context_destroy(tz_ctx);
--        tz_ctx = nullptr;
-+    struct passwd pw, *p;
-+    char buf[4096];
-+    int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p);
-+    if (rc || p == NULL)
-         return false;
--    }
--
--    enum tzplatform_variable id =
--            (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP;
--    const char *appDir = tzplatform_context_getenv(tz_ctx, id);
--    if (!appDir) {
--        tzplatform_context_destroy(tz_ctx);
--        tz_ctx = nullptr;
--        return false;
--    }
--
--    userAppDir = appDir;
--
--    tzplatform_context_destroy(tz_ctx);
--    tz_ctx = nullptr;
--
-+    userAppDir = p->pw_dir;
-     return true;
- }
- 
- static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
- {
--    std::string userHome;
-     std::string userAppDir;
-     std::stringstream correctPath;
- 
-diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index d834e42..8b5728b 100644
---- a/src/common/smack-rules.cpp
-+++ b/src/common/smack-rules.cpp
-@@ -34,7 +34,6 @@
- #include <memory>
- 
- #include <dpl/log/log.h>
--#include <tzplatform_config.h>
- 
- #include "smack-labels.h"
- #include "smack-rules.h"
-@@ -43,7 +42,7 @@ namespace SecurityManager {
- 
- const char *const SMACK_APP_LABEL_TEMPLATE     = "~APP~";
- const char *const SMACK_PKG_LABEL_TEMPLATE     = "~PKG~";
--const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
-+const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack";
- const char *const SMACK_APP_IN_PACKAGE_PERMS   = "rwxat";
- 
- SmackRules::SmackRules()
-@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector<std::string> &pkgCon
- 
- std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId)
- {
--    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
--    return path;
-+    return "/etc/smack/accesses.d/pkg_" + pkgId;
- }
- 
- std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
- {
--    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
--    return path;
-+    return "/etc/smack/accesses.d/app_" + appId;
- }
- void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
-         const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
-@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con
-     for (auto privilege : privileges) {
-         if (privilege.empty())
-             continue;
--        std::string fprivilege ( privilege + "-template.smack");
--        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+        std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack";
-         if( stat(path.c_str(), &buffer) == 0) 
-             smackRules.addFromTemplateFile(appId, pkgId, path);
-     }
--- 
-2.1.4
-
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service

deleted file mode 100644 (file)

index 8ed5e86..0000000
--- a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Install security-manager DB to /var
-
-[Unit]
-Description=Install Security Manager database
-After=sysinit.target
-Before=security-manager.service
-
-[Install]
-WantedBy=default.target
-
-[Service]
-Type=oneshot
-User=root
-ExecStart=/usr/bin/init-security-manager-db.sh
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh

deleted file mode 100644 (file)

index f90192a..0000000
--- a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-if [ ! -e "/var/local/db/security-manager" ]; then
-       mkdir -p /var/local/db
-       cp -ra /usr/dbspace/ /var/local/db/security-manager
-fi
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend

index 61c933a..3306d4c 100644 (file)
--- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
+++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend
@@ -1,25 +1,7 @@
  FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
  
  FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
  
-PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
-
-SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \
-            file://init-security-manager-db.service \
-            file://init-security-manager-db.sh \
-             file://0001-Fix-gcc6-build.patch \
-             file://0001-Fix-Cmake-conf-for-gcc6-build.patch \
-             file://0001-gcc-7-requires-include-functional-for-std-function.patch \
-"
-
-FILES_${PN}_append = "${bindir}/init-security-manager-db.sh \
-                     ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/init-security-manager-db.service', '', d)} \
+EXTRA_OECMAKE =+ " -DGLOBALUSER=afm"
+SRC_URI += " \
+   file://0001-Adapt-rules-to-AGL.patch \
  "
  
  "
  
-do_install_append () {
-       install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh
-       if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-               mkdir -p ${D}${systemd_unitdir}/system
-               mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants
-               install -m 644 -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service
-               ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants
-       fi
-}
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager_git.bbappend b/meta-app-framework/recipes-security/security-manager/security-manager_git.bbappend

deleted file mode 100644 (file)

index 424b493..0000000
--- a/meta-app-framework/recipes-security/security-manager/security-manager_git.bbappend
+++ /dev/null
@@ -1,2 +0,0 @@
-do_patch[depends] += "quilt-native:do_populate_sysroot libcap:do_populate_sysroot"
-APPLY = "no"
diff --git a/meta-security/recipes-security/security-manager/security-manager.inc b/meta-security/recipes-security/security-manager/security-manager.inc

index ddd87a9..fdc5083 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager.inc
+++ b/meta-security/recipes-security/security-manager/security-manager.inc
@@ -4,35 +4,33 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginlin
  
  inherit cmake
  
  
  inherit cmake
  
-# Out-of-tree build is broken ("sqlite3 .security-manager.db <db.sql" where db.sql is in $S/db).
  B = "${S}"
  
  DEPENDS = " \
  B = "${S}"
  
  DEPENDS = " \
-attr \
-boost \
-cynara \
-icu \
-libcap \
-smack \
-sqlite3 \
-sqlite3-native \
-systemd \
+   attr \
+   boost \
+   cynara \
+   icu \
+   libcap \
+   smack \
+   sqlite3 \
+   systemd \
  "
  
  PACKAGECONFIG ??= ""
  PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
  
  "
  
  PACKAGECONFIG ??= ""
  PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE"
  
-TZ_SYS_DB = "/var/local/db/security-manager"
+TZ_SYS_DB ?= "/var/db/security-manager"
  
  EXTRA_OECMAKE = " \
  
  EXTRA_OECMAKE = " \
--DCMAKE_VERBOSE_MAKEFILE=ON \
--DVERSION=${PV} \
--DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
--DBIN_INSTALL_DIR=${bindir} \
--DDB_INSTALL_DIR=${TZ_SYS_DB} \
--DLIB_INSTALL_DIR=${libdir} \
--DSHARE_INSTALL_PREFIX=${datadir} \
--DINCLUDE_INSTALL_DIR=${includedir} \
+   -DCMAKE_VERBOSE_MAKEFILE=ON \
+   -DVERSION=${PV} \
+   -DSYSTEMD_INSTALL_DIR=${systemd_unitdir}/system \
+   -DBIN_INSTALL_DIR=${bindir} \
+   -DDB_INSTALL_DIR=${TZ_SYS_DB} \
+   -DLIB_INSTALL_DIR=${libdir} \
+   -DSHARE_INSTALL_PREFIX=${datadir} \
+   -DINCLUDE_INSTALL_DIR=${includedir} \
  "
  
  inherit systemd
  "
  
  inherit systemd
@@ -71,16 +69,11 @@ do_install_append () {
     ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
  }
  
     ln -s ../security-manager.socket ${D}/${systemd_unitdir}/system/sockets.target.wants/security-manager.socket
  }
  
-RDEPENDS_${PN} += "smack"
-pkg_postinst_${PN} () {
-   set -e
-   chsmack -a System $D${TZ_SYS_DB}/.security-manager.db
-   chsmack -a System $D${TZ_SYS_DB}/.security-manager.db-journal
-}
-
+RDEPENDS_${PN} += "sqlite3 cynara"
  FILES_${PN} += " \
  FILES_${PN} += " \
-${systemd_unitdir} \
-${TZ_SYS_DB} \
+   ${systemd_unitdir} \
+   ${TZ_SYS_DB} \
+   ${bindir}/.security-manager-setup \
  "
  
  PACKAGES =+ "${PN}-policy"
  "
  
  PACKAGES =+ "${PN}-policy"
@@ -88,7 +81,3 @@ FILES_${PN}-policy = " \
     ${datadir}/${PN} \
     ${bindir}/security-manager-policy-reload \
  "
     ${datadir}/${PN} \
     ${bindir}/security-manager-policy-reload \
  "
-RDEPENDS_${PN}-policy += "sqlite3 cynara"
-pkg_postinst_ontarget_${PN}-policy () {
-   ${bindir}/security-manager-policy-reload
-}
diff --git a/meta-security/recipes-security/security-manager/security-manager/systemd-stop-using-compat-libs.patch b/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch

similarity index 90%

rename from meta-security/recipes-security/security-manager/security-manager/systemd-stop-using-compat-libs.patch

rename to meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch

index cd5c36a..91ce819 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/systemd-stop-using-compat-libs.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch
@@ -1,7 +1,7 @@
-From 8ec024d2adecb53029c6f1af2b95c93dfd43a7cb Mon Sep 17 00:00:00 2001
+From 3d9d1d83fe298a364f51ad752c17aad461beded3 Mon Sep 17 00:00:00 2001
  From: Patrick Ohly <patrick.ohly@intel.com>
  Date: Tue, 24 Mar 2015 04:54:03 -0700
  From: Patrick Ohly <patrick.ohly@intel.com>
  Date: Tue, 24 Mar 2015 04:54:03 -0700
-Subject: [PATCH] systemd: stop using compat libs
+Subject: [PATCH 01/14] systemd: stop using compat libs
  
  libsystemd-journal and libsystemd-daemon are considered obsolete
  in systemd since 2.09 and may not be available (not compiled
  
  libsystemd-journal and libsystemd-daemon are considered obsolete
  in systemd since 2.09 and may not be available (not compiled
@@ -12,7 +12,6 @@ use that.
  
  Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
  
  Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
-
  ---
   src/common/CMakeLists.txt | 2 +-
   src/server/CMakeLists.txt | 2 +-
  ---
   src/common/CMakeLists.txt | 2 +-
   src/server/CMakeLists.txt | 2 +-
@@ -44,4 +43,5 @@ index 753eb96..6849d76 100644
   
   FIND_PACKAGE(Boost REQUIRED)
  -- 
   
   FIND_PACKAGE(Boost REQUIRED)
  -- 
-2.1.4
+2.21.0
+
diff --git a/meta-security/recipes-security/security-manager/security-manager/security-manager-policy-reload-do-not-depend-on-GNU-.patch b/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch

similarity index 89%

rename from meta-security/recipes-security/security-manager/security-manager/security-manager-policy-reload-do-not-depend-on-GNU-.patch

rename to meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch

index ac57964..b634648 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/security-manager-policy-reload-do-not-depend-on-GNU-.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch
@@ -1,7 +1,8 @@
-From d2995014142306987bf86b4d508a84b9b4683c5c Mon Sep 17 00:00:00 2001
+From a90515613f09140049b2bdf471fa83d5dd7bad1c Mon Sep 17 00:00:00 2001
  From: Patrick Ohly <patrick.ohly@intel.com>
  Date: Wed, 19 Aug 2015 15:02:32 +0200
  From: Patrick Ohly <patrick.ohly@intel.com>
  Date: Wed, 19 Aug 2015 15:02:32 +0200
-Subject: [PATCH 2/2] security-manager-policy-reload: do not depend on GNU sed
+Subject: [PATCH 02/14] security-manager-policy-reload: do not depend on GNU
+ sed
  
  \U (= make replacement uppercase) is a GNU sed extension which is not
  supported by other sed implementation's (like the one from
  
  \U (= make replacement uppercase) is a GNU sed extension which is not
  supported by other sed implementation's (like the one from
@@ -13,7 +14,6 @@ bucket name into uppercase.
  
  Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
  
  Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  Upstream-Status: Submitted (https://github.com/Samsung/security-manager/pull/1
-
  ---
   policy/security-manager-policy-reload | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
  ---
   policy/security-manager-policy-reload | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
@@ -32,4 +32,5 @@ index 274c49c..6f211c6 100755
       # Re-create the bucket with empty contents
       cyad --delete-bucket=$bucket || true
  -- 
       # Re-create the bucket with empty contents
       cyad --delete-bucket=$bucket || true
  -- 
-2.1.4
+2.21.0
+
diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-Smack-rules-create-two-new-functions.patch b/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch

similarity index 90%

rename from meta-security/recipes-security/security-manager/security-manager/0001-Smack-rules-create-two-new-functions.patch

rename to meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch

index b0e11af..d79345e 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/0001-Smack-rules-create-two-new-functions.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch
@@ -1,7 +1,7 @@
-From d130a7384428a96f31ad5950ffbffadc0aa29a15 Mon Sep 17 00:00:00 2001
+From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
  From: Alejandro Joya <alejandro.joya.cruz@intel.com>
  Date: Wed, 4 Nov 2015 19:01:35 -0600
  From: Alejandro Joya <alejandro.joya.cruz@intel.com>
  Date: Wed, 4 Nov 2015 19:01:35 -0600
-Subject: [PATCH 1/2] Smack-rules: create two new functions
+Subject: [PATCH 03/14] Smack-rules: create two new functions
  
  It let to smack-rules to create multiple set of rules
  related with the privileges.
  
  It let to smack-rules to create multiple set of rules
  related with the privileges.
@@ -9,14 +9,15 @@ related with the privileges.
  It runs from the same bases than for a static set of rules on the
  template, but let you add 1 or many templates for different cases.
  
  It runs from the same bases than for a static set of rules on the
  template, but let you add 1 or many templates for different cases.
  
+Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
  Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
  ---
  Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
  ---
- src/common/include/smack-rules.h | 15 ++++++++++++++
- src/common/smack-rules.cpp       | 44 ++++++++++++++++++++++++++++++++++++++++
+ src/common/include/smack-rules.h | 15 +++++++++++
+ src/common/smack-rules.cpp       | 44 ++++++++++++++++++++++++++++++++
   2 files changed, 59 insertions(+)
  
  diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
   2 files changed, 59 insertions(+)
  
  diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
-index 91446a7..f9fa438 100644
+index 91446a7..3ad9dd4 100644
  --- a/src/common/include/smack-rules.h
  +++ b/src/common/include/smack-rules.h
  @@ -47,6 +47,8 @@ public:
  --- a/src/common/include/smack-rules.h
  +++ b/src/common/include/smack-rules.h
  @@ -47,6 +47,8 @@ public:
@@ -28,10 +29,11 @@ index 91446a7..f9fa438 100644
   
       void apply() const;
       void clear() const;
   
       void apply() const;
       void clear() const;
-@@ -75,6 +77,19 @@ public:
+@@ -74,6 +76,19 @@ public:
+      */
       static void installApplicationRules(const std::string &appId, const std::string &pkgId,
           const std::vector<std::string> &pkgContents);
       static void installApplicationRules(const std::string &appId, const std::string &pkgId,
           const std::vector<std::string> &pkgContents);
-     /**
++    /**
  +     * Install privileges-specific smack rules.
  +     *
  +     * Function creates smack rules using predefined template. Rules are applied
  +     * Install privileges-specific smack rules.
  +     *
  +     * Function creates smack rules using predefined template. Rules are applied
@@ -40,16 +42,15 @@ index 91446a7..f9fa438 100644
  +     * @param[in] appId - application id that is beeing installed
  +     * @param[in] pkgId - package id that the application is in
  +     * @param[in] pkgContents - a list of all applications in the package
  +     * @param[in] appId - application id that is beeing installed
  +     * @param[in] pkgId - package id that the application is in
  +     * @param[in] pkgContents - a list of all applications in the package
-+     * @param[in] privileges - a list of all prvileges 
++     * @param[in] privileges - a list of all prvileges
  +     */
  +    static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
  +        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
  +     */
  +    static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
  +        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
-+    /**
+     /**
        * Uninstall package-specific smack rules.
        *
        * Uninstall package-specific smack rules.
        *
-      * Function loads package-specific smack rules, revokes them from the kernel
  diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
  diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index 3629e0f..d834e42 100644
+index 3629e0f..922a56f 100644
  --- a/src/common/smack-rules.cpp
  +++ b/src/common/smack-rules.cpp
  @@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
  --- a/src/common/smack-rules.cpp
  +++ b/src/common/smack-rules.cpp
  @@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
@@ -98,7 +99,7 @@ index 3629e0f..d834e42 100644
  +            continue;
  +        std::string fprivilege ( privilege + "-template.smack");
  +        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
  +            continue;
  +        std::string fprivilege ( privilege + "-template.smack");
  +        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+        if( stat(path.c_str(), &buffer) == 0) 
++        if( stat(path.c_str(), &buffer) == 0)
  +            smackRules.addFromTemplateFile(appId, pkgId, path);
  +    }
  +
  +            smackRules.addFromTemplateFile(appId, pkgId, path);
  +    }
  +
@@ -112,5 +113,5 @@ index 3629e0f..d834e42 100644
           const std::vector<std::string> &pkgContents)
   {
  -- 
           const std::vector<std::string> &pkgContents)
   {
  -- 
-2.1.0
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch b/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch

similarity index 90%

rename from meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch

rename to meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch

index d60096a..59d4971 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch
@@ -1,7 +1,7 @@
-From 19688cbe2ca10921a499f3fa265928dca54cf98d Mon Sep 17 00:00:00 2001
+From a5979d9d674e400ecd7fcdf5d7589cfa0cfeb492 Mon Sep 17 00:00:00 2001
  From: Alejandro Joya <alejandro.joya.cruz@intel.com>
  Date: Wed, 4 Nov 2015 19:06:23 -0600
  From: Alejandro Joya <alejandro.joya.cruz@intel.com>
  Date: Wed, 4 Nov 2015 19:06:23 -0600
-Subject: [PATCH 2/2] app-install: implement multiple set of smack-rules
+Subject: [PATCH 04/14] app-install: implement multiple set of smack-rules
  
  If it's need it could create load multiple set of smack rules
  related with the privileges.
  
  If it's need it could create load multiple set of smack rules
  related with the privileges.
@@ -30,5 +30,5 @@ index 7fd621c..ae305d3 100644
           LogError("Error while applying Smack policy for application: " << e.DumpToString());
           return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
  -- 
           LogError("Error while applying Smack policy for application: " << e.DumpToString());
           return SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED;
  -- 
-2.1.0
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/c-11-replace-depracated-auto_ptr.patch b/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch

similarity index 88%

rename from meta-security/recipes-security/security-manager/security-manager/c-11-replace-depracated-auto_ptr.patch

rename to meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch

index c312a9e..0739f28 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/c-11-replace-depracated-auto_ptr.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch
@@ -1,7 +1,7 @@
-From 6abeec29a0e704f4bf7084b29275b99fea0a78de Mon Sep 17 00:00:00 2001
+From 198ba9b9782fda19803e94d2afeff91189ac27af Mon Sep 17 00:00:00 2001
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
  Date: Wed, 13 Jan 2016 17:30:06 +0100
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
  Date: Wed, 13 Jan 2016 17:30:06 +0100
-Subject: [PATCH 2/2] c++11: replace depracated auto_ptr
+Subject: [PATCH 05/14] c++11: replace deprecated auto_ptr
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -28,5 +28,5 @@ index dd03f5e..185b6c7 100644
   /**
    * Binary stream implemented as constant size bucket list
  -- 
   /**
    * Binary stream implemented as constant size bucket list
  -- 
-2.1.4
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/socket-manager-removes-tizen-specific-call.patch b/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch

similarity index 87%

rename from meta-security/recipes-security/security-manager/security-manager/socket-manager-removes-tizen-specific-call.patch

rename to meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch

index fa4c21c..3b8aad9 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/socket-manager-removes-tizen-specific-call.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch
@@ -1,7 +1,7 @@
-From 75c4852e47217ab85d6840b488ab4b3688091856 Mon Sep 17 00:00:00 2001
+From ec098bf03cea23350ca7d1ea2ad88b9c88228943 Mon Sep 17 00:00:00 2001
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Fri, 8 Jan 2016 16:53:46 +0100
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Fri, 8 Jan 2016 16:53:46 +0100
-Subject: [PATCH 1/2] socket-manager: removes tizen specific call
+Subject: [PATCH 06/14] socket-manager: removes tizen specific call
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -18,7 +18,7 @@ Signed-off-by: José Bollo <jobol@nonadev.net>
   1 file changed, 4 insertions(+), 3 deletions(-)
  
  diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
   1 file changed, 4 insertions(+), 3 deletions(-)
  
  diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
-index 0366186..c5cec18 100644
+index 94c54c6..5e1a79b 100644
  --- a/src/server/main/socket-manager.cpp
  +++ b/src/server/main/socket-manager.cpp
  @@ -30,6 +30,7 @@
  --- a/src/server/main/socket-manager.cpp
  +++ b/src/server/main/socket-manager.cpp
  @@ -30,6 +30,7 @@
@@ -29,7 +29,7 @@ index 0366186..c5cec18 100644
   #include <sys/un.h>
   #include <sys/stat.h>
   #include <unistd.h>
   #include <sys/un.h>
   #include <sys/stat.h>
   #include <unistd.h>
-@@ -500,9 +501,9 @@ int SocketManager::CreateDomainSocketHelp(
+@@ -493,9 +494,9 @@ int SocketManager::CreateDomainSocketHelp(
       if (smack_check()) {
           LogInfo("Set up smack label: " << desc.smackLabel);
   
       if (smack_check()) {
           LogInfo("Set up smack label: " << desc.smackLabel);
   
@@ -43,5 +43,5 @@ index 0366186..c5cec18 100644
       } else {
           LogInfo("No smack on platform. Socket won't be securied with smack label!");
  -- 
       } else {
           LogInfo("No smack on platform. Socket won't be securied with smack label!");
  -- 
-2.1.4
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch b/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch

similarity index 86%

rename from meta-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch

rename to meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch

index f949730..bad99d2 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch
@@ -1,16 +1,16 @@
-From 1e2f8f58d4320afa1d83a6f94822e53346108ee8 Mon Sep 17 00:00:00 2001
+From 9d0791dab4b4df086374c5c0ba2a6558e10e81c1 Mon Sep 17 00:00:00 2001
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Mon, 16 Nov 2015 15:56:27 +0100
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Mon, 16 Nov 2015 15:56:27 +0100
-Subject: [PATCH] removes dependency to libslp-db-utils
+Subject: [PATCH 07/14] removes dependency to libslp-db-utils
  
  Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec
  ---
  
  Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec
  ---
- src/common/CMakeLists.txt         |  1 ++-
+ src/common/CMakeLists.txt         |  3 ++-
   src/dpl/db/src/sql_connection.cpp | 17 +----------------
   src/dpl/db/src/sql_connection.cpp | 17 +----------------
- 2 files changed, 3 additions(+), 17 deletions(-)
+ 2 files changed, 3 insertions(+), 17 deletions(-)
  
  diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
  
  diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
-index 968c7c1..d1fe644 100644
+index 968c7c1..9ae376f 100644
  --- a/src/common/CMakeLists.txt
  +++ b/src/common/CMakeLists.txt
  @@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP
  --- a/src/common/CMakeLists.txt
  +++ b/src/common/CMakeLists.txt
  @@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP
@@ -18,13 +18,13 @@ index 968c7c1..d1fe644 100644
       libsystemd
       libsmack
  -    db-util
       libsystemd
       libsmack
  -    db-util
-+    sqlite3 
++    sqlite3
  +    icu-i18n
       cynara-admin
       cynara-client
       )
  diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp
  +    icu-i18n
       cynara-admin
       cynara-client
       )
  diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp
-index fdb4fe4..1fb97be 100644
+index fdb4fe4..f49a6dc 100644
  --- a/src/dpl/db/src/sql_connection.cpp
  +++ b/src/dpl/db/src/sql_connection.cpp
  @@ -26,7 +26,6 @@
  --- a/src/dpl/db/src/sql_connection.cpp
  +++ b/src/dpl/db/src/sql_connection.cpp
  @@ -26,7 +26,6 @@
@@ -74,5 +74,5 @@ index fdb4fe4..1fb97be 100644
       if (result != SQLITE_OK) {
           const char *error = sqlite3_errmsg(m_connection);
  -- 
       if (result != SQLITE_OK) {
           const char *error = sqlite3_errmsg(m_connection);
  -- 
-2.1.4
+2.21.0
  
  
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch

similarity index 83%

rename from meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch

rename to meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch

index 1b3c8c4..5ece7ef 100644 (file)
--- a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch
@@ -1,7 +1,7 @@
-From cb9acc2b723b297ee373bf814282711f02657aa5 Mon Sep 17 00:00:00 2001
+From a1d9b40b4fa2e73d31a53e398c286bffeaae1732 Mon Sep 17 00:00:00 2001
  From: Ronan <ronan.lemartret@iot.bzh>
  Date: Wed, 12 Oct 2016 17:48:55 +0200
  From: Ronan <ronan.lemartret@iot.bzh>
  Date: Wed, 12 Oct 2016 17:48:55 +0200
-Subject: [PATCH] Fix gcc6 build
+Subject: [PATCH 08/14] Fix gcc6 build
  
  Signed-off-by: ronan <ronan@ot.bzh>
  ---
  
  Signed-off-by: ronan <ronan@ot.bzh>
  ---
@@ -18,11 +18,11 @@ index 74a6b30..347cddd 100644
   #include <security-manager.h>
   #include <client-offline.h>
  +#include <linux/xattr.h>
   #include <security-manager.h>
   #include <client-offline.h>
  +#include <linux/xattr.h>
-
+ 
   static const char *EMPTY = "";
   static const char *EMPTY = "";
-
+ 
  diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
  diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 03c6680..8dd39a1 100644
+index 4d73d90..08fb9d6 100644
  --- a/src/common/include/privilege_db.h
  +++ b/src/common/include/privilege_db.h
  @@ -32,6 +32,7 @@
  --- a/src/common/include/privilege_db.h
  +++ b/src/common/include/privilege_db.h
  @@ -32,6 +32,7 @@
@@ -30,9 +30,9 @@ index 03c6680..8dd39a1 100644
   #include <stdbool.h>
   #include <string>
  +#include <vector>
   #include <stdbool.h>
   #include <string>
  +#include <vector>
-
+ 
   #include <dpl/db/sql_connection.h>
   #include <dpl/db/sql_connection.h>
-
+ #include <tzplatform_config.h>
  -- 
  -- 
-2.6.6
+2.21.0
  
  
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch b/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch

similarity index 85%

rename from meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch

rename to meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch

index 43a3ee1..706eb1a 100644 (file)
--- a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch
@@ -1,7 +1,7 @@
-From 19c99315a5dcba3b696c30d1fdd42a1dcd574a80 Mon Sep 17 00:00:00 2001
+From 382379d74221bcc60a0ab70d63430a1c0587b2ec Mon Sep 17 00:00:00 2001
  From: Ronan <ronan.lemartret@iot.bzh>
  Date: Thu, 13 Oct 2016 11:37:47 +0200
  From: Ronan <ronan.lemartret@iot.bzh>
  Date: Thu, 13 Oct 2016 11:37:47 +0200
-Subject: [PATCH] Fix Cmake conf for gcc6 build
+Subject: [PATCH 09/14] Fix Cmake conf for gcc6 build
  
  Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
  ---
  
  Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
  ---
@@ -24,7 +24,7 @@ index ee9a160..aa7a12c 100644
   INCLUDE_DIRECTORIES(
       ${INCLUDE_PATH}
  diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
   INCLUDE_DIRECTORIES(
       ${INCLUDE_PATH}
  diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
-index 753eb96..8eef25d 100644
+index 6849d76..9598037 100644
  --- a/src/server/CMakeLists.txt
  +++ b/src/server/CMakeLists.txt
  @@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
  --- a/src/server/CMakeLists.txt
  +++ b/src/server/CMakeLists.txt
  @@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
@@ -36,5 +36,5 @@ index 753eb96..8eef25d 100644
       )
   
  -- 
       )
   
  -- 
-2.6.6
+2.21.0
  
  
diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch b/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch

similarity index 90%

rename from meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch

rename to meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch

index 7b6845a..0f48c5f 100644 (file)
--- a/meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch
@@ -1,7 +1,7 @@
-From ed1c105db9d7b1ceb52ec16f35b0a2c959c19c6d Mon Sep 17 00:00:00 2001
+From 8e93699c0f225716f3cd5eff790270ae9e3880f9 Mon Sep 17 00:00:00 2001
  From: Changhyeok Bae <changhyeok.bae@gmail.com>
  Date: Sun, 17 Dec 2017 15:40:58 +0000
  From: Changhyeok Bae <changhyeok.bae@gmail.com>
  Date: Sun, 17 Dec 2017 15:40:58 +0000
-Subject: [PATCH] gcc-7 requires include <functional> for std::function
+Subject: [PATCH 10/14] gcc-7 requires include <functional> for std::function
  
  Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
  ---
  
  Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
  ---
@@ -47,5 +47,5 @@ index 72817a6..838409f 100644
   namespace SecurityManager {
   BinaryQueue::BinaryQueue() :
  -- 
   namespace SecurityManager {
   BinaryQueue::BinaryQueue() :
  -- 
-2.7.4
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-Fix-gcc8-warning-error-Werror-catch-value.patch b/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch

similarity index 87%

rename from meta-security/recipes-security/security-manager/security-manager/0001-Fix-gcc8-warning-error-Werror-catch-value.patch

rename to meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch

index 5a55a31..5c679fc 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/0001-Fix-gcc8-warning-error-Werror-catch-value.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch
@@ -1,7 +1,7 @@
-From 37c63c280eaec8cae3a321d45404d6c03a68c9d9 Mon Sep 17 00:00:00 2001
+From 243b7ffee16558d7cb9b411f49380138efeffca9 Mon Sep 17 00:00:00 2001
  From: Stephane Desneux <stephane.desneux@iot.bzh>
  Date: Fri, 1 Feb 2019 12:26:17 +0000
  From: Stephane Desneux <stephane.desneux@iot.bzh>
  Date: Fri, 1 Feb 2019 12:26:17 +0000
-Subject: [PATCH] Fix gcc8 warning/error [-Werror=catch-value=]
+Subject: [PATCH 11/14] Fix gcc8 warning/error [-Werror=catch-value=]
  
  Fixes the following warning/error during compile:
  
  
  Fixes the following warning/error during compile:
  
@@ -28,5 +28,5 @@ index 63538a2..fc60ce9 100644
       }
   
  -- 
       }
   
  -- 
-2.11.0
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/0001-Avoid-casting-from-const-T-to-void.patch b/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch

similarity index 90%

rename from meta-security/recipes-security/security-manager/security-manager/0001-Avoid-casting-from-const-T-to-void.patch

rename to meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch

index f598fdc..91ccf9e 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/0001-Avoid-casting-from-const-T-to-void.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch
@@ -1,7 +1,7 @@
-From 14c8842ed8a37fecbc70d46e27b49ae929b0c85f Mon Sep 17 00:00:00 2001
+From 5ee51d38575f289c2bf37ed817ef680ed47bb320 Mon Sep 17 00:00:00 2001
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Fri, 1 Feb 2019 15:37:44 +0100
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Fri, 1 Feb 2019 15:37:44 +0100
-Subject: [PATCH] Avoid casting from "const T&" to "void*"
+Subject: [PATCH 12/14] Avoid casting from "const T&" to "void*"
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
  MIME-Version: 1.0
  Content-Type: text/plain; charset=UTF-8
  Content-Transfer-Encoding: 8bit
@@ -15,14 +15,14 @@ is coming from the const or not.
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  ---
  
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  ---
- src/server/main/include/service-thread.h | 43 ++++++++++--------------
- 1 file changed, 18 insertions(+), 25 deletions(-)
+ src/server/main/include/service-thread.h | 42 ++++++++++--------------
+ 1 file changed, 18 insertions(+), 24 deletions(-)
  
  diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h
  
  diff --git a/src/server/main/include/service-thread.h b/src/server/main/include/service-thread.h
-index 964d168..92b0ec8 100644
+index 964d168..61fdda8 100644
  --- a/src/server/main/include/service-thread.h
  +++ b/src/server/main/include/service-thread.h
  --- a/src/server/main/include/service-thread.h
  +++ b/src/server/main/include/service-thread.h
-@@ -9,78 +94,72 @@ public:
+@@ -94,7 +94,7 @@ public:
               Join();
           while (!m_eventQueue.empty()){
               auto front = m_eventQueue.front();
               Join();
           while (!m_eventQueue.empty()){
               auto front = m_eventQueue.front();
@@ -31,9 +31,7 @@ index 964d168..92b0ec8 100644
               m_eventQueue.pop();
           }
       }
               m_eventQueue.pop();
           }
       }
- 
-     template <class T>
-     void Event(const T &event,
+@@ -104,34 +104,28 @@ public:
                  Service *servicePtr,
                  void (Service::*serviceFunction)(const T &))
       {
                  Service *servicePtr,
                  void (Service::*serviceFunction)(const T &))
       {
@@ -59,30 +57,27 @@ index 964d168..92b0ec8 100644
  -        Service *servicePtr;
  -        void (ServiceThread::*eventFunctionPtr)(const EventDescription &event);
  -        GenericEvent* eventPtr;
  -        Service *servicePtr;
  -        void (ServiceThread::*eventFunctionPtr)(const EventDescription &event);
  -        GenericEvent* eventPtr;
--    };
--
--    template <class T>
++    struct EventCallerBase {
++       virtual void fire() = 0;
++       virtual ~EventCallerBase() {}
+     };
+ 
+     template <class T>
  -    void EventCall(const EventDescription &desc) {
  -        auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr);
  -        const T& eventLocale = *(static_cast<T*>(desc.eventPtr));
  -        (desc.servicePtr->*fun)(eventLocale);
  -    }
  -    void EventCall(const EventDescription &desc) {
  -        auto fun = reinterpret_cast<void (Service::*)(const T&)>(desc.serviceFunctionPtr);
  -        const T& eventLocale = *(static_cast<T*>(desc.eventPtr));
  -        (desc.servicePtr->*fun)(eventLocale);
  -    }
-+    struct EventCallerBase {
-+       virtual void fire() = 0;
-+       virtual ~EventCallerBase() {}
-+    };
- 
-+    template <class T>
  +    struct EventCaller : public EventCallerBase {
  +        T *event; Service *target; void (Service::*function)(const T&);
  +        EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {}
  +      ~EventCaller() { delete event; }
  +      void fire() { (target->*function)(*event); }
  +    };
  +    struct EventCaller : public EventCallerBase {
  +        T *event; Service *target; void (Service::*function)(const T&);
  +        EventCaller(const T &e, Service *c, void (Service::*f)(const T&)) : event(new T(e)), target(c), function(f) {}
  +      ~EventCaller() { delete event; }
  +      void fire() { (target->*function)(*event); }
  +    };
-+
+ 
       static void ThreadLoopStatic(ServiceThread *ptr) {
           ptr->ThreadLoop();
       static void ThreadLoopStatic(ServiceThread *ptr) {
           ptr->ThreadLoop();
-     }
+@@ -139,33 +133,33 @@ protected:
   
       void ThreadLoop(){
           for (;;) {
   
       void ThreadLoop(){
           for (;;) {
@@ -123,5 +118,5 @@ index 964d168..92b0ec8 100644
   
       State m_state;
  -- 
   
       State m_state;
  -- 
-2.17.2
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch

similarity index 56%

rename from meta-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch

rename to meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch

index 4baea65..fb62159 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch
+++ b/meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch
@@ -1,33 +1,96 @@
-From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001
+From 6c96a39ba7a7763ccd47e379dbfd8d376164985f Mon Sep 17 00:00:00 2001
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Mon, 16 Nov 2015 14:26:25 +0100
  From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
  Date: Mon, 16 Nov 2015 14:26:25 +0100
-Subject: [PATCH] Removing tizen-platform-config
+Subject: [PATCH 13/14] Removing tizen-platform-config
  
  Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
  ---
  
  Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121
  ---
- policy/security-manager-policy-reload |  2 +-
- src/common/file-lock.cpp              |  4 +---
- src/common/include/file-lock.h        |  1 -
- src/common/include/privilege_db.h     |  3 +--
- src/common/service_impl.cpp           | 39 +++++++++++------------------------
- src/common/smack-rules.cpp            | 12 ++++-------
- 6 files changed, 19 insertions(+), 42 deletions(-)
+ CMakeLists.txt                                | 16 +++++++-
+ db/CMakeLists.txt                             |  2 +-
+ policy/CMakeLists.txt                         |  1 +
+ ...load => security-manager-policy-reload.in} |  4 +-
+ src/common/file-lock.cpp                      |  4 +-
+ src/common/include/file-lock.h                |  1 -
+ src/common/include/privilege_db.h             |  3 +-
+ src/common/service_impl.cpp                   | 39 ++++++-------------
+ src/common/smack-rules.cpp                    | 12 ++----
+ 9 files changed, 37 insertions(+), 45 deletions(-)
+ rename policy/{security-manager-policy-reload => security-manager-policy-reload.in} (94%)
  
  
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 6f211c6..ed8047a 100755
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 28790d8..37a43cc 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -49,7 +49,7 @@ ADD_DEFINITIONS("-Wall")                        # Generate all warnings
+ ADD_DEFINITIONS("-Wextra")                      # Generate even more extra warnings
+ 
+ STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
+-ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
++ADD_DEFINITIONS("-DAPI_VERSION=\"${API_VERSION}\"")
+ 
+ ADD_DEFINITIONS("-DSMACK_ENABLED")
+ 
+@@ -58,6 +58,20 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
+     ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
+ ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
+ 
++SET(DATADIR        "/usr/share/security-manager" CACHE STRING "path to data directory")
++SET(SMACKRULESDIR  "/etc/smack/accesses.d"       CACHE STRING "path to Smack rules directory")
++SET(LOCKDIR        "/var/run/lock"               CACHE STRING "path to lock directory")
++SET(DB_INSTALL_DIR "/var/db/security-manager"    CACHE STRING "path to database directory")
++SET(DB_FILENAME    ".security-manager.db"        CACHE STRING "basename of database")
++SET(GLOBALUSER     "userapp"                     CACHE STRING "name of the global user")
++
++ADD_DEFINITIONS("-DDATADIR=\"${DATADIR}\"")
++ADD_DEFINITIONS("-DSMACKRULESDIR=\"${SMACKRULESDIR}\"")
++ADD_DEFINITIONS("-DLOCKDIR=\"${LOCKDIR}\"")
++ADD_DEFINITIONS("-DDB_INSTALL_DIR=\"${DB_INSTALL_DIR}\"")
++ADD_DEFINITIONS("-DDB_FILENAME=\"${DB_FILENAME}\"")
++ADD_DEFINITIONS("-DGLOBALUSER=\"${GLOBALUSER}\"")
++
+ ADD_SUBDIRECTORY(src)
+ ADD_SUBDIRECTORY(pc)
+ ADD_SUBDIRECTORY(systemd)
+diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
+index 9e8ffcc..d7af1a0 100644
+--- a/db/CMakeLists.txt
++++ b/db/CMakeLists.txt
+@@ -1,4 +1,4 @@
+-SET(TARGET_DB ".security-manager.db")
++SET(TARGET_DB "$(DB_FILENAME)")
+ 
+ ADD_CUSTOM_COMMAND(
+     OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
+diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
+index bd08edc..626a2bd 100644
+--- a/policy/CMakeLists.txt
++++ b/policy/CMakeLists.txt
+@@ -1,4 +1,5 @@
+ FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
++CONFIGURE_FILE(security-manager-policy-reload.in security-manager-policy-reload @ONLY)
+ INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
+ INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
+ INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
+diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload.in
+similarity index 94%
+rename from policy/security-manager-policy-reload
+rename to policy/security-manager-policy-reload.in
+index 6f211c6..c1bc4e2 100755
  --- a/policy/security-manager-policy-reload
  --- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -2,7 +2,7 @@
++++ b/policy/security-manager-policy-reload.in
+@@ -1,8 +1,8 @@
+ #!/bin/sh -e
   
   
- POLICY_PATH=/usr/share/security-manager/policy
+-POLICY_PATH=/usr/share/security-manager/policy
++POLICY_PATH=@DATADIR@/policy
   PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
  -DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
   PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
  -DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
-+DB_FILE=/usr/dbspace/.security-manager.db
++DB_FILE=@DB_INSTALL_DIR@/@DB_FILENAME@
   
   # Create default buckets
   while read bucket default_policy
  diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
   
   # Create default buckets
   while read bucket default_policy
  diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
-index 6f3996c..1dada17 100644
+index 6f3996c..88d2092 100644
  --- a/src/common/file-lock.cpp
  +++ b/src/common/file-lock.cpp
  @@ -30,9 +30,7 @@
  --- a/src/common/file-lock.cpp
  +++ b/src/common/file-lock.cpp
  @@ -30,9 +30,7 @@
@@ -37,7 +100,7 @@ index 6f3996c..1dada17 100644
  -char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
  -                                                         "lock",
  -                                                         "security-manager.lock");
  -char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN,
  -                                                         "lock",
  -                                                         "security-manager.lock");
-+char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock";
++char const * const SERVICE_LOCK_FILE = LOCKDIR "/security-manager.lock";
   
   FileLocker::FileLocker(const std::string &lockFile, bool blocking)
   {
   
   FileLocker::FileLocker(const std::string &lockFile, bool blocking)
   {
@@ -54,11 +117,11 @@ index 604b019..21a86a0 100644
   namespace SecurityManager {
   
  diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
   namespace SecurityManager {
   
  diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
-index 4d73d90..03c6680 100644
+index 08fb9d6..3344987 100644
  --- a/src/common/include/privilege_db.h
  +++ b/src/common/include/privilege_db.h
  --- a/src/common/include/privilege_db.h
  +++ b/src/common/include/privilege_db.h
-@@ -34,14 +34,13 @@
- #include <string>
+@@ -35,14 +35,13 @@
+ #include <vector>
   
   #include <dpl/db/sql_connection.h>
  -#include <tzplatform_config.h>
   
   #include <dpl/db/sql_connection.h>
  -#include <tzplatform_config.h>
@@ -69,12 +132,12 @@ index 4d73d90..03c6680 100644
   namespace SecurityManager {
   
  -const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
   namespace SecurityManager {
   
  -const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-+const char *const PRIVILEGE_DB_PATH = "/usr/dbspace/.security-manager.db";
++const char *const PRIVILEGE_DB_PATH = DB_INSTALL_DIR "/" DB_FILENAME;
   
   enum class QueryType {
       EGetPkgPrivileges,
  diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
   
   enum class QueryType {
       EGetPkgPrivileges,
  diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
-index ae305d3..65cc8b5 100644
+index ae305d3..42150fe 100644
  --- a/src/common/service_impl.cpp
  +++ b/src/common/service_impl.cpp
  @@ -32,7 +32,6 @@
  --- a/src/common/service_impl.cpp
  +++ b/src/common/service_impl.cpp
  @@ -32,7 +32,6 @@
@@ -94,7 +157,7 @@ index ae305d3..65cc8b5 100644
  +    if (!globaluid) {
  +        struct passwd pw, *p;
  +        char buf[4096];
  +    if (!globaluid) {
  +        struct passwd pw, *p;
  +        char buf[4096];
-+        int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p);
++        int rc = getpwnam_r(GLOBALUSER, &pw, buf, sizeof buf, &p);
  +        globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
  +    }
       return globaluid;
  +        globaluid = (rc || p == NULL) ? 555 : p->pw_uid;
  +    }
       return globaluid;
@@ -144,7 +207,7 @@ index ae305d3..65cc8b5 100644
       std::stringstream correctPath;
   
  diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
       std::stringstream correctPath;
   
  diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
-index d834e42..8b5728b 100644
+index 922a56f..c2e0041 100644
  --- a/src/common/smack-rules.cpp
  +++ b/src/common/smack-rules.cpp
  @@ -34,7 +34,6 @@
  --- a/src/common/smack-rules.cpp
  +++ b/src/common/smack-rules.cpp
  @@ -34,7 +34,6 @@
@@ -160,7 +223,7 @@ index d834e42..8b5728b 100644
   const char *const SMACK_APP_LABEL_TEMPLATE     = "~APP~";
   const char *const SMACK_PKG_LABEL_TEMPLATE     = "~PKG~";
  -const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
   const char *const SMACK_APP_LABEL_TEMPLATE     = "~APP~";
   const char *const SMACK_PKG_LABEL_TEMPLATE     = "~PKG~";
  -const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
-+const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack";
++const char *const APP_RULES_TEMPLATE_FILE_PATH = DATADIR "/policy/app-rules-template.smack";
   const char *const SMACK_APP_IN_PACKAGE_PERMS   = "rwxat";
   
   SmackRules::SmackRules()
   const char *const SMACK_APP_IN_PACKAGE_PERMS   = "rwxat";
   
   SmackRules::SmackRules()
@@ -170,14 +233,14 @@ index d834e42..8b5728b 100644
   {
  -    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
  -    return path;
   {
  -    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str()));
  -    return path;
-+    return "/etc/smack/accesses.d/pkg_" + pkgId;
++    return SMACKRULESDIR "/pkg_" + pkgId;
   }
   
   std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
   {
  -    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
  -    return path;
   }
   
   std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
   {
  -    std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
  -    return path;
-+    return "/etc/smack/accesses.d/app_" + appId;
++    return SMACKRULESDIR "/app_" + appId;
   }
   void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
           const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
   }
   void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
           const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
@@ -187,10 +250,10 @@ index d834e42..8b5728b 100644
               continue;
  -        std::string fprivilege ( privilege + "-template.smack");
  -        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
               continue;
  -        std::string fprivilege ( privilege + "-template.smack");
  -        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
-+        std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack";
-         if( stat(path.c_str(), &buffer) == 0) 
++        std::string path = DATADIR "/policy/" + privilege + "-template.smack";
+         if( stat(path.c_str(), &buffer) == 0)
               smackRules.addFromTemplateFile(appId, pkgId, path);
       }
  -- 
               smackRules.addFromTemplateFile(appId, pkgId, path);
       }
  -- 
-2.1.4
+2.21.0
  
  
diff --git a/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch b/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch

new file mode 100644 (file)

index 0000000..542a387
--- /dev/null
+++ b/meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch
@@ -0,0 +1,78 @@
+From c7f9d14e38a1b6d40b2fffa01433a3025eff9abd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Tue, 26 Nov 2019 12:34:39 +0100
+Subject: [PATCH 14/14] Ensure post install initialization of database
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Creation of the database was made during image creation,
+leading to issue with SOTA. This adds the creation on
+need before launching the service.
+
+Change-Id: Idfd0676bd87d39f7c10eaafd63f3a318f675c972
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ db/CMakeLists.txt                   | 14 ++++++--------
+ db/security-manager-setup           | 14 ++++++++++++++
+ systemd/security-manager.service.in |  1 +
+ 3 files changed, 21 insertions(+), 8 deletions(-)
+ create mode 100644 db/security-manager-setup
+
+diff --git a/db/CMakeLists.txt b/db/CMakeLists.txt
+index d7af1a0..dcf5bc8 100644
+--- a/db/CMakeLists.txt
++++ b/db/CMakeLists.txt
+@@ -1,12 +1,10 @@
+-SET(TARGET_DB "$(DB_FILENAME)")
+-
+ ADD_CUSTOM_COMMAND(
+-    OUTPUT ${TARGET_DB} ${TARGET_DB}-journal
+-    COMMAND sqlite3 ${TARGET_DB} <db.sql
+-    )
++    OUTPUT .security-manager-setup
++    COMMAND sed '/--DB\.SQL--/r db.sql' security-manager-setup > .security-manager-setup
++    DEPENDS security-manager-setup db.sql
++)
+ 
+ # Add a dummy build target to trigger building of ${TARGET_DB}
+-ADD_CUSTOM_TARGET(DB ALL DEPENDS ${TARGET_DB})
++ADD_CUSTOM_TARGET(DB ALL DEPENDS .security-manager-setup)
+ 
+-INSTALL(FILES ${TARGET_DB} DESTINATION ${DB_INSTALL_DIR})
+-INSTALL(FILES ${TARGET_DB}-journal DESTINATION ${DB_INSTALL_DIR})
++INSTALL(PROGRAMS .security-manager-setup DESTINATION ${BIN_INSTALL_DIR})
+diff --git a/db/security-manager-setup b/db/security-manager-setup
+new file mode 100644
+index 0000000..5675baf
+--- /dev/null
++++ b/db/security-manager-setup
+@@ -0,0 +1,14 @@
++#!/bin/sh
++
++if test -f "$1"; then exit; fi
++set -e
++dbdir="$(dirname "$1")"
++dbfile="$(basename "$1")"
++test -n "$dbfile"
++test -n "$dbdir"
++mkdir -p "$dbdir"
++cd "$dbdir"
++sqlite3 "$dbfile" << END-OF-CAT
++--DB.SQL--
++END-OF-CAT
++
+diff --git a/systemd/security-manager.service.in b/systemd/security-manager.service.in
+index 23fd1b2..2bf97d7 100644
+--- a/systemd/security-manager.service.in
++++ b/systemd/security-manager.service.in
+@@ -3,5 +3,6 @@ Description=Start the security manager
+ 
+ [Service]
+ Type=notify
++ExecStartPre=@BIN_INSTALL_DIR@/.security-manager-setup @DB_INSTALL_DIR@/@DB_FILENAME@
+ ExecStart=@BIN_INSTALL_DIR@/security-manager
+ Sockets=security-manager.socket
+-- 
+2.21.0
+
diff --git a/meta-security/recipes-security/security-manager/security-manager/include-linux-xattr.patch b/meta-security/recipes-security/security-manager/security-manager/include-linux-xattr.patch

deleted file mode 100644 (file)

index 33fbc02..0000000
--- a/meta-security/recipes-security/security-manager/security-manager/include-linux-xattr.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: José Bollo <jose.bollo@iot.bzh>
-Date: Tue, 30 Oct 2015 14:32:03 -0100
-Subject: [PATCH] include linux xattr
-
-adds a #include <linux/xattr.h> in source.
-
----
- src/client/client-security-manager.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
-index 74a6b30..641790b 100644
---- a/src/client/client-security-manager.cpp
-+++ b/src/client/client-security-manager.cpp
-@@ -34,6 +34,7 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <sys/xattr.h>
-+#include <linux/xattr.h>
- #include <sys/smack.h>
- #include <sys/capability.h>
- 
--- 
-2.1.4
diff --git a/meta-security/recipes-security/security-manager/security-manager/libcap-without-pkgconfig.patch b/meta-security/recipes-security/security-manager/security-manager/libcap-without-pkgconfig.patch

deleted file mode 100644 (file)

index a948343..0000000
--- a/meta-security/recipes-security/security-manager/security-manager/libcap-without-pkgconfig.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: José Bollo <jose.bollo@iot.bzh>
-Date: Tue, 30 Oct 2015 14:32:03 -0100
-Subject: [PATCH] libcap without pkgconfig
-
-Handles libcap that isn't distributed for pkg-config
-
----
- src/client/CMakeLists.txt | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
-index 5399a55..0250ce2 100644
---- a/src/client/CMakeLists.txt
-+++ b/src/client/CMakeLists.txt
-@@ -1,7 +1,6 @@
- PKG_CHECK_MODULES(CLIENT_DEP
-     REQUIRED
-     libsmack
--    libcap
-     )
- 
- SET(CLIENT_VERSION_MAJOR 1)
-@@ -37,6 +36,7 @@ SET_TARGET_PROPERTIES(${TARGET_CLIENT}
- TARGET_LINK_LIBRARIES(${TARGET_CLIENT}
-     ${TARGET_COMMON}
-     ${CLIENT_DEP_LIBRARIES}
-+    cap
-     )
- 
- INSTALL(TARGETS ${TARGET_CLIENT} DESTINATION ${LIB_INSTALL_DIR})
--- 
-2.1.4
diff --git a/meta-security/recipes-security/security-manager/security-manager_git.bb b/meta-security/recipes-security/security-manager/security-manager_git.bb

index 3cbc3ae..f438ea5 100644 (file)
--- a/meta-security/recipes-security/security-manager/security-manager_git.bb
+++ b/meta-security/recipes-security/security-manager/security-manager_git.bb
@@ -6,32 +6,20 @@ SRC_URI += "git://github.com/Samsung/security-manager.git"
  S = "${WORKDIR}/git"
  
  SRC_URI += " \
  S = "${WORKDIR}/git"
  
  SRC_URI += " \
-file://systemd-stop-using-compat-libs.patch \
-file://security-manager-policy-reload-do-not-depend-on-GNU-.patch \
-file://0001-Smack-rules-create-two-new-functions.patch \
-file://0002-app-install-implement-multiple-set-of-smack-rules.patch \
-file://c-11-replace-depracated-auto_ptr.patch \
-file://socket-manager-removes-tizen-specific-call.patch \
-file://Removing-tizen-platform-config.patch \
-file://removes-dependency-to-libslp-db-utils.patch \
-file://0001-Fix-gcc8-warning-error-Werror-catch-value.patch \
-file://0001-Avoid-casting-from-const-T-to-void.patch \
-"
-
-##########################################
-# This are patches for backward compatibility to the version dizzy of poky.
-# The dizzy version of libcap isn't providing a packconfig file.
-# This is solved by the patch libcap-without-pkgconfig.patch.
-# But after solving that issue, it appears that linux/xattr.h should
-# also be include add definitions of XATTR_NAME_SMACK... values.
-# Unfortunately, there is no explanation why linux/xattr.h should
-# also be included (patch include-linux-xattr.patch)
-##########################################
-do_patch[depends] = "libcap:do_populate_sysroot"
-APPLY = "${@str('no' if os.path.exists('${STAGING_LIBDIR}/pkgconfig/libcap.pc') else 'yes')}"
-SRC_URI += "\
-  file://libcap-without-pkgconfig.patch;apply=${APPLY} \
-  file://include-linux-xattr.patch;apply=${APPLY} \
+   file://0001-systemd-stop-using-compat-libs.patch \
+   file://0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch \
+   file://0003-Smack-rules-create-two-new-functions.patch \
+   file://0004-app-install-implement-multiple-set-of-smack-rules.patch \
+   file://0005-c-11-replace-deprecated-auto_ptr.patch \
+   file://0006-socket-manager-removes-tizen-specific-call.patch \
+   file://0007-removes-dependency-to-libslp-db-utils.patch \
+   file://0008-Fix-gcc6-build.patch \
+   file://0009-Fix-Cmake-conf-for-gcc6-build.patch \
+   file://0010-gcc-7-requires-include-functional-for-std-function.patch \
+   file://0011-Fix-gcc8-warning-error-Werror-catch-value.patch \
+   file://0012-Avoid-casting-from-const-T-to-void.patch \
+   file://0013-Removing-tizen-platform-config.patch \
+   file://0014-Ensure-post-install-initialization-of-database.patch \
  "
  
  # Use make with cmake and not ninja
  "
  
  # Use make with cmake and not ninja
author	José Bollo <jose.bollo@iot.bzh>
	Tue, 26 Nov 2019 14:21:18 +0000 (15:21 +0100)
committer	Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
	Tue, 3 Dec 2019 16:44:27 +0000 (16:44 +0000)
meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch	[deleted file]	patch \| blob \| history
meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service	[deleted file]	patch \| blob \| history
meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh	[deleted file]	patch \| blob \| history
meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend		patch \| blob \| history
meta-app-framework/recipes-security/security-manager/security-manager_git.bbappend	[deleted file]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager.inc		patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0001-systemd-stop-using-compat-libs.patch	[moved from meta-security/recipes-security/security-manager/security-manager/systemd-stop-using-compat-libs.patch with 90% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0002-security-manager-policy-reload-do-not-depend-on-GNU-.patch	[moved from meta-security/recipes-security/security-manager/security-manager/security-manager-policy-reload-do-not-depend-on-GNU-.patch with 89% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch	[moved from meta-security/recipes-security/security-manager/security-manager/0001-Smack-rules-create-two-new-functions.patch with 90% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0004-app-install-implement-multiple-set-of-smack-rules.patch	[moved from meta-security/recipes-security/security-manager/security-manager/0002-app-install-implement-multiple-set-of-smack-rules.patch with 90% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0005-c-11-replace-deprecated-auto_ptr.patch	[moved from meta-security/recipes-security/security-manager/security-manager/c-11-replace-depracated-auto_ptr.patch with 88% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0006-socket-manager-removes-tizen-specific-call.patch	[moved from meta-security/recipes-security/security-manager/security-manager/socket-manager-removes-tizen-specific-call.patch with 87% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0007-removes-dependency-to-libslp-db-utils.patch	[moved from meta-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch with 86% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0008-Fix-gcc6-build.patch	[moved from meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch with 83% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0009-Fix-Cmake-conf-for-gcc6-build.patch	[moved from meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch with 85% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0010-gcc-7-requires-include-functional-for-std-function.patch	[moved from meta-app-framework/recipes-core/security-manager/security-manager/0001-gcc-7-requires-include-functional-for-std-function.patch with 90% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0011-Fix-gcc8-warning-error-Werror-catch-value.patch	[moved from meta-security/recipes-security/security-manager/security-manager/0001-Fix-gcc8-warning-error-Werror-catch-value.patch with 87% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0012-Avoid-casting-from-const-T-to-void.patch	[moved from meta-security/recipes-security/security-manager/security-manager/0001-Avoid-casting-from-const-T-to-void.patch with 90% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0013-Removing-tizen-platform-config.patch	[moved from meta-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch with 56% similarity]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/0014-Ensure-post-install-initialization-of-database.patch	[new file with mode: 0644]	patch \| blob
meta-security/recipes-security/security-manager/security-manager/include-linux-xattr.patch	[deleted file]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager/libcap-without-pkgconfig.patch	[deleted file]	patch \| blob \| history
meta-security/recipes-security/security-manager/security-manager_git.bb		patch \| blob \| history