From: José Bollo
Date: Wed, 23 Mar 2016 13:33:26 +0000 (+0100)
Subject: security-manager: Removes agl only adaptations
X-Git-Tag: 2.0.0~72
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?p=AGL%2Fmeta-agl.git;a=commitdiff_plain;h=59e41f594b47570c7d59738c9c38eac42b4cd0d4
security-manager: Removes agl only adaptations
These adaptations are now part of meta-intel-iot-security and thus are no more needed here.
Change-Id: I0acfb3b7ea572b9805c2d53f70ea0eab0026cdae
Signed-off-by: José Bollo
---
diff --git a/meta-agl-security/recipes-security/security-manager/README.md b/meta-agl-security/recipes-security/security-manager/README.md
deleted file mode 100644
index aeb45d260..000000000
--- a/meta-agl-security/recipes-security/security-manager/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-security-manager adaptation for Automotive Grade Linux Distribution
-===================================================================
-
-This recipe complements the recipes security-manager of the
-meta yocto layers: meta-intel-iot-security (see
-https://github.com/01org/meta-intel-iot-security)
-
-This patches are removing dependencies that are specific to Tizen:
-* tizen-platform-config
-* libslp-db-utils
-
-The advantages is that this modules are not needed for AGL.
-
-The -temporary- drawbacks is that the user "userapp" is
-hard coded for security-manager.
-
-
-Layer Dependencies
-------------------
-URI: git@github.com:01org/meta-intel-iot-security.git
-> branch: master
-> revision: 0ca70e4954aaeb0e3e3ad502b462bb077023f7e5
-
-Enabling
---------
-
-To enable security manager for AGL, in the local.conf
-
- IMAGE_INSTALL_append = " security-manager"
-
-To enable smack see https://github.com/01org/meta-intel-iot-security/tree/master/meta-security-smack
-In brief, in the local.conf:
-
- OVERRIDES .= ":smack"
- DISTRO_FEATURES_append = " smack"
-
diff --git a/meta-agl-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-agl-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch
deleted file mode 100644
index 4baea6572..000000000
--- a/meta-agl-security/recipes-security/security-manager/security-manager/Removing-tizen-platform-config.patch
+++ /dev/null
@@ -1,196 +0,0 @@ -From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Mon, 16 Nov 2015 14:26:25 +0100 -Subject: [PATCH] Removing tizen-platform-config - -Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121 ---- - policy/security-manager-policy-reload | 2 +- - src/common/file-lock.cpp | 4 +--- - src/common/include/file-lock.h | 1 - - src/common/include/privilege_db.h | 3 +-- - src/common/service_impl.cpp | 39 +++++++++++------------------------ - src/common/smack-rules.cpp | 12 ++++------- - 6 files changed, 19 insertions(+), 42 deletions(-) - -diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload -index 6f211c6..ed8047a 100755 ---- a/policy/security-manager-policy-reload -+++ b/policy/security-manager-policy-reload -@@ -2,7 +2,7 @@ - - POLICY_PATH=/usr/share/security-manager/policy - PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list --DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db -+DB_FILE=/usr/dbspace/.security-manager.db - - # Create default buckets - while read bucket default_policy -diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp -index 6f3996c..1dada17 100644 ---- a/src/common/file-lock.cpp -+++ b/src/common/file-lock.cpp -@@ -30,9 +30,7 @@ - - namespace SecurityManager { - --char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN, -- "lock", -- "security-manager.lock"); -+char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock"; - - FileLocker::FileLocker(const std::string &lockFile, bool blocking) - { -diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h -index 604b019..21a86a0 100644 ---- a/src/common/include/file-lock.h -+++ b/src/common/include/file-lock.h -@@ -29,7 +29,6 @@ - - #include - #include --#include - - namespace SecurityManager { - -diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h -index 4d73d90..03c6680 
100644 ---- a/src/common/include/privilege_db.h -+++ b/src/common/include/privilege_db.h -@@ -34,14 +34,13 @@ - #include - - #include --#include - - #ifndef PRIVILEGE_DB_H_ - #define PRIVILEGE_DB_H_ - - namespace SecurityManager { - --const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); -+const char *const PRIVILEGE_DB_PATH = "/usr/dbspace/.security-manager.db"; - - enum class QueryType { - EGetPkgPrivileges, -diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp -index ae305d3..65cc8b5 100644 ---- a/src/common/service_impl.cpp -+++ b/src/common/service_impl.cpp -@@ -32,7 +32,6 @@ - #include - - #include --#include - - #include "protocols.h" - #include "privilege_db.h" -@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, - - static uid_t getGlobalUserId(void) - { -- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); -+ static uid_t globaluid = 0; -+ if (!globaluid) { -+ struct passwd pw, *p; -+ char buf[4096]; -+ int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p); -+ globaluid = (rc || p == NULL) ? 555 : p->pw_uid; -+ } - return globaluid; - } - -@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir) - - static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) - { -- struct tzplatform_context *tz_ctx = nullptr; -- -- if (tzplatform_context_create(&tz_ctx)) -- return false; -- -- if (tzplatform_context_set_user(tz_ctx, uid)) { -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -+ struct passwd pw, *p; -+ char buf[4096]; -+ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p); -+ if (rc || p == NULL) - return false; -- } -- -- enum tzplatform_variable id = -- (uid == getGlobalUserId()) ? 
TZ_SYS_RW_APP : TZ_USER_APP; -- const char *appDir = tzplatform_context_getenv(tz_ctx, id); -- if (!appDir) { -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -- return false; -- } -- -- userAppDir = appDir; -- -- tzplatform_context_destroy(tz_ctx); -- tz_ctx = nullptr; -- -+ userAppDir = p->pw_dir; - return true; - } - - static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) - { -- std::string userHome; - std::string userAppDir; - std::stringstream correctPath; - -diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp -index d834e42..8b5728b 100644 ---- a/src/common/smack-rules.cpp -+++ b/src/common/smack-rules.cpp -@@ -34,7 +34,6 @@ - #include - - #include --#include - - #include "smack-labels.h" - #include "smack-rules.h" -@@ -43,7 +42,7 @@ namespace SecurityManager { - - const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~"; - const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~"; --const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack"); -+const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack"; - const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat"; - - SmackRules::SmackRules() -@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector &pkgCon - - std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId) - { -- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str())); -- return path; -+ return "/etc/smack/accesses.d/pkg_" + pkgId; - } - - std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) - { -- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); -- return path; -+ return "/etc/smack/accesses.d/app_" + appId; - } - void SmackRules::installApplicationPrivilegesRules(const std::string &appId, 
const std::string &pkgId, - const std::vector &pkgContents, const std::vector &privileges) -@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con - for (auto privilege : privileges) { - if (privilege.empty()) - continue; -- std::string fprivilege ( privilege + "-template.smack"); -- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); -+ std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack"; - if( stat(path.c_str(), &buffer) == 0) - smackRules.addFromTemplateFile(appId, pkgId, path); - } --- -2.1.4 - diff --git a/meta-agl-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch b/meta-agl-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch deleted file mode 100644 index f94973074..000000000 --- a/meta-agl-security/recipes-security/security-manager/security-manager/removes-dependency-to-libslp-db-utils.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 1e2f8f58d4320afa1d83a6f94822e53346108ee8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Mon, 16 Nov 2015 15:56:27 +0100 -Subject: [PATCH] removes dependency to libslp-db-utils - -Change-Id: I90471e77d20e04bae58cc42eb2639e4aef97fdec ---- - src/common/CMakeLists.txt | 1 ++- - src/dpl/db/src/sql_connection.cpp | 17 +---------------- - 2 files changed, 3 additions(+), 17 deletions(-) - -diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt -index 968c7c1..d1fe644 100644 ---- a/src/common/CMakeLists.txt -+++ b/src/common/CMakeLists.txt -@@ -5,7 +5,8 @@ PKG_CHECK_MODULES(COMMON_DEP - REQUIRED - libsystemd - libsmack -- db-util -+ sqlite3 -+ icu-i18n - cynara-admin - cynara-client - ) -diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp -index fdb4fe4..1fb97be 100644 ---- a/src/dpl/db/src/sql_connection.cpp -+++ b/src/dpl/db/src/sql_connection.cpp -@@ -26,7 +26,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -606,16 +605,7 @@ void SqlConnection::Connect(const std::string &address, - - // Connect to database - int result; -- if (type & Flag::UseLucene) { -- result = db_util_open_with_options( -- address.c_str(), -- &m_connection, -- flag, -- NULL); -- -- m_usingLucene = true; -- LogPedantic("Lucene index enabled"); -- } else { -+ (void)type; - result = sqlite3_open_v2( - address.c_str(), - &m_connection, -@@ -624,7 +614,6 @@ void SqlConnection::Connect(const std::string &address, - - m_usingLucene = false; - LogPedantic("Lucene index disabled"); -- } - - if (result == SQLITE_OK) { - LogPedantic("Connected to DB"); -@@ -653,11 +642,7 @@ void SqlConnection::Disconnect() - - int result; - -- if (m_usingLucene) { -- result = db_util_close(m_connection); -- } else { - result = sqlite3_close(m_connection); -- } - - if (result != SQLITE_OK) { - const char *error = sqlite3_errmsg(m_connection); --- -2.1.4 - 
diff --git a/meta-agl-security/recipes-security/security-manager/security-manager_git.bbappend b/meta-agl-security/recipes-security/security-manager/security-manager_git.bbappend
deleted file mode 100644
index 28050e817..000000000
--- a/meta-agl-security/recipes-security/security-manager/security-manager_git.bbappend
+++ /dev/null
@@ -1,20 +0,0 @@
-
-FILESEXTRAPATHS_append := ":${THISDIR}/security-manager"
-
-SRC_URI += " \
- file://Removing-tizen-platform-config.patch \
- file://removes-dependency-to-libslp-db-utils.patch \
-"
-
-DEPENDS = " \
-attr \
-boost \
-cynara \
-icu \
-libcap \
-smack \
-sqlite3 \
-sqlite3-native \
-systemd \
-"
-