Code Review / AGL / meta-agl-devel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 857b333)
pipewire: Rework of security settings 66/23066/1
authorJosé Bollo <jose.bollo@iot.bzh>
Tue, 26 Nov 2019 18:51:47 +0000 (19:51 +0100)
committerJosé Bollo <jose.bollo@iot.bzh>
Tue, 26 Nov 2019 18:51:47 +0000 (19:51 +0100)
This changes is mainly focussed on shifting
from cynara to cynagora permission database.
But it also changes how setting is done
in the hope to make it simpler.

Bug-AGL: SPEC-2993

Change-Id: Ie9085e11560724baf4194fc6d17651d40523bab7
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend [new file with mode: 0644] patch | blob
meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch [deleted file] patch | blob | history
meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch [deleted file] patch | blob | history
meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend patch | blob | history

diff --git a/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
new file mode 100644 (file)
index 0000000..9395c90
--- /dev/null
+++ b/meta-pipewire/recipes-security/cynagora/cynagora_%.bbappend
@@ -0,0 +1,5 @@
+
+do_install_append() {
+   echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial
+}
+
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
deleted file mode 100644 (file)
index 821c1e1..0000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From cc5cbaddad6fe559e9e482467266fb18fb00c6a7 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Wed, 26 Jun 2019 16:02:13 +0300
-Subject: [PATCH] Adapt smack rules to allow connections to pipewire
-
-Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com>
----
- policy/app-rules-template.smack | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
-index 910f40c..78b75de 100644
---- a/policy/app-rules-template.smack
-+++ b/policy/app-rules-template.smack
-@@ -4,6 +4,7 @@ System ~PKG~ rwxat
- ~APP~ System::Shared rx
- ~APP~ System::Run rwxat
- ~APP~ System::Log rwxa
-+~APP~ System::Pipewire rw
- ~APP~ _ l
- ~APP~ User::Home rxl
- ~APP~ User::App-Shared rwxat
--- 
-2.20.1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch b/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
deleted file mode 100644 (file)
index fbf9ca6..0000000
--- a/meta-pipewire/recipes-security/security-manager/security-manager/0002-Grant-dbus-privilege-to-pipewire.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f95469247c182b3c4b527af04b1ae50658461e85 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Tue, 3 Sep 2019 16:24:49 +0300
-Subject: [PATCH] Grant dbus privilege to pipewire
-
----
- policy/security-manager-policy-reload | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
-index 274c49c..a883048 100755
---- a/policy/security-manager-policy-reload
-+++ b/policy/security-manager-policy-reload
-@@ -59,6 +59,9 @@ do
-     cyad --set-policy --bucket=MANIFESTS --client="$client" --user="*" --privilege="*" --type=ALLOW
- done
-+# PipeWire needs to get access to dbus
-+cyad --set-policy --bucket=MANIFESTS --client="System::Pipewire" --user="*" --privilege="http://tizen.org/privilege/internal/dbus" --type=ALLOW
-+
- # Load privilege-group mappings
- (
- echo "BEGIN;"
--- 
-2.23.0.rc1
-
diff --git a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
index 97d0182..5944944 100644 (file)
--- a/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
+++ b/meta-pipewire/recipes-security/security-manager/security-manager_%.bbappend
@@ -1,5 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:"
-SRC_URI += "\
-    file://0001-Adapt-smack-rules-to-allow-connections-to-pipewire.patch \
-    file://0002-Grant-dbus-privilege-to-pipewire.patch \
-    "
+
+do_install_append() {
+   echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
+}
meta-agl-devel (Development and Community BSPs)