polkit: add rule to allow agl-driver to control agl-app@ systemd services

Bug-AGL: SPEC-4466
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Change-Id: I8007aacc12f8b6bdfbca660c994d321ef1b5eca7
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27751
Reviewed-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-by: Marius Vlad <marius.vlad@collabora.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

diff --git a/meta-app-framework/recipes-config/polkit-rule-agl-app/files/50-agl-app.rules b/meta-app-framework/recipes-config/polkit-rule-agl-app/files/50-agl-app.rules
new file mode 100644 (file)
index 0000000..5fa34fb
--- /dev/null
+++ b/meta-app-framework/recipes-config/polkit-rule-agl-app/files/50-agl-app.rules
@@ -0,0 +1,7 @@
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.systemd1.manage-units" &&
+        action.lookup("unit").indexOf("agl-app@") == 0 &&
+        subject.user == "agl-driver") {
+        return polkit.Result.YES;
+    }
+});

diff --git a/meta-app-framework/recipes-config/polkit-rule-agl-app/polkit-rule-agl-app.bb b/meta-app-framework/recipes-config/polkit-rule-agl-app/polkit-rule-agl-app.bb
new file mode 100644 (file)
index 0000000..920bb86
--- /dev/null
+++ b/meta-app-framework/recipes-config/polkit-rule-agl-app/polkit-rule-agl-app.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Rule for agl-driver to control agl-app@ services"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://50-agl-app.rules"
+
+DEPENDS += "polkit"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "polkit"
+
+do_install() {
+    install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d
+    chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d
+    install -m 0644 ${WORKDIR}/50-agl-app.rules ${D}${sysconfdir}/polkit-1/rules.d
+}