From: José Bollo <jose.bollo@iot.bzh>
Date: Tue, 26 Nov 2019 20:27:44 +0000 (+0100)
Subject: wgtpkg-install: Add default permissions
X-Git-Tag: 8.99.2~3
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F43%2F23143%2F1;p=src%2Fapp-framework-main.git

wgtpkg-install: Add default permissions

Only one default permission is used now:
"urn:AGL:token:valid" that is used to check
token validity.

This adds in the cynagora database the rule

  SMACKID * * urn:AGL:token:valid yes forever

That means that applications having a smack label
installed by the framework behave as if they have
a valid token, a token without any scope/permission
but just valid.

This is needed during the transition to token based
permission policy.

Bug-AGL: SPEC-2968

Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---

diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
 
 static uint32_t *port_bits = NULL;
 
+static const char *default_permissions[] = {
+	"urn:AGL:token:valid"
+};
+
 /*
  * normalize unit files: remove comments, remove heading blanks,
  * make single lines
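Review bot: the `default_permissions` declaration added here leaves the pointer elements writable, and it has no comment saying that every entry is granted unconditionally to each widget the framework installs. Declaring it as `static const char * const default_permissions[]` would make the whole table constant. A short comment stating that `urn:AGL:token:valid` is a transitional grant (SPEC-2968) would also make it less likely that a scoped permission gets appended here later without the author realising it applies to all installed applications.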
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
 		perm = next_usable_permission();
 	}
 
+	/* install default permissions */
+	n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+	for (i = 0 ; i < n ; i++) {
+		perm = default_permissions[i];
+		rc = secmgr_permit(perm);
+		INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+		if (rc)
+			goto error2;
+	}
+
 	rc = secmgr_install();
 	return rc;
 error2:
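Review bot: in the loop added to `install_security`, a failed `secmgr_permit` call is reported through `INFO(...)` with only the text "FAILED!", so a failure to register a security rule is logged at informational level and the value of `rc` is lost. Consider logging the failure branch at error level and including `rc` in the message, keeping `INFO` for the success case only. That way an installation aborted via `goto error2` can still be diagnosed when info messages are filtered out.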