From: José Bollo <jose.bollo@iot.bzh>
Date: Tue, 3 Dec 2019 14:04:02 +0000 (+0100)
Subject: Introduce localuser interface for applications
X-Git-Tag: 8.99.2^0
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=653562e1449c935f087d2d8265081eeac1cd73b4;p=src%2Fapp-framework-main.git

Introduce localuser interface for applications

This change make use of nss-localuser hostname
family (see https://git.automotivelinux.org/src/nss-localuser/)
to separate applications and users, each running its
own IP address and hostname.

The intended behaviour is to use existing browser policy to
ensure privacy of applications and users.

Bug-AGL: SPEC-2968

Change-Id: Ie1a3c7331fd43e8747afae2cd338df461bac1454
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---

diff --git a/conf/unit/binder.inc b/conf/unit/binder.inc
index ba5049e..81758fc 100644
--- a/conf/unit/binder.inc
+++ b/conf/unit/binder.inc
@@ -18,12 +18,14 @@ IF_AGL_DEVEL \
 	--verbose \
 	--monitoring \
 	--port={{:#metatarget.http-port}} \
+	--interface=tcp:LOCALUSERAPP:8080 \
 	--roothttp=ON_CONTENT(application/vnd.agl.service, ., ON_PERM(:public:no-htdocs, ., htdocs)) \
 ELSE \
 	IF_CONTENT(application/vnd.agl.service) \
 		--no-httpd \
 	ELSE \
 		--port={{:#metatarget.http-port}} \
+		--interface=tcp:LOCALUSERAPP:8080 \
 		--roothttp=ON_PERM(:public:no-htdocs, ., htdocs) \
 	ENDIF \
 ENDIF \
@@ -45,6 +47,6 @@ ENDIF \
 		ON_VALUE(tcp,		--ws-server=tcp:{{name}}) \
 	{{/provided-api}} \
 	ON_PERM(:platform:apis:auto-ws, --auto-api=API_PATH_WS) \
-	ON_CONTENT(text/html,			--exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t) \
+	ON_CONTENT(text/html,			--exec /usr/bin/web-runtime http://LOCALUSERAPP:8080/{{content.src}}) \
 	ON_CONTENT(application/vnd.agl.native,	--exec {{:#metadata.install-dir}}/{{content.src}} @p @t)
 %nl
diff --git a/conf/unit/macros.inc b/conf/unit/macros.inc
index f21dee5..2fc9bc5 100644
--- a/conf/unit/macros.inc
+++ b/conf/unit/macros.inc
@@ -76,6 +76,7 @@ define( `USER_API_PATH', `USER_RUN_DIR/apis')
 define( `USER_API_PATH_WS', `USER_API_PATH/ws')
 define( `USER_API_PATH_LINK', `USER_API_PATH/link')
 
+define( `LOCALUSERAPP', `ON_PERM(`:partner:scope-platform', `localuser---AFID', `localuser--AFID')')
 --------------------------------------------------------------------------------
 -- AGL_DEVEL SPECIFIC PARTS
 --------------------------------------------------------------------------------