provided.inc: Fix smack label of sockets
[src/app-framework-main.git] / conf / unit / afm-unit.conf.in
1 ;---------------------------------------------------------------------------------
2 ; File:
3 ;
4 ;    afm-unit.conf
5 ;
6 ; Mode:
7 ;
8 ;    RELEASE
9 ;
10 ; Role:
11 ;
12 ;    Configure how installation of widget produces unit files for systemd
13 ;
14 ; Processing and format:
15 ;
16 ;    1. File load
17 ;
18 ;           Lines beginning with ; are firstly removed
19 ;
20 ;    2. File instantiation
21 ;
22 ;           Mustache (extended) substitutions are applied using JSON
23 ;           data deduced from config.xml file of the widget.
24 ;
25 ;    3. Extraction of units
26 ;
27 ;           Extract produced units, pack it (remove empty lines and directives)
28 ;
29 ; Directives:
30 ;
31 ;    Any directive occupy one whole line starting with %
32 ;
33 ;     - %nl
34 ;
35 ;             produce an empty line at the end
36 ;
37 ;     - %begin systemd-unit
38 ;     - %end systemd-unit
39 ;
40 ;             delimit the produced unit
41 ;
42 ;     - %systemd-unit user
43 ;     - %systemd-unit system
44 ;
45 ;             tells the kind of unit (user/system)
46 ;
47 ;     - %systemd-unit service NAME
48 ;     - %systemd-unit socket NAME
49 ;
50 ;             gives the name and type of the unit
51 ;
52 ;     - %systemd-unit wanted-by NAME
53 ;
54 ;             tells to install a link to unit in the wants of NAME
55 ;
56 ; Setting variables:
57 ;
58 ;    AFM uses the feature of systemd that completely ignores options prefixed
59 ;    with X-
60 ;
61 ;    Consequently, options starting with X-AFM- are recorded as public data
62 ;    about the application and options starting starting with X-AFM-- are
63 ;    recorded as private data.
64 ;
65 ;    Examples:
66 ;
67 ;        X-AFM-description={{description}}
68 ;
69 ;              Records the description of the unit in the field "description"
70 ;              of both the public and private object describing the unit.
71 ;
72 ;        X-AFM--wgtdir={{:#metadata.install-dir}}
73 ;
74 ;              Records the installation directory path in the field "wgtdir"
75 ;              of the private object only.
76 ;
77 ;---------------------------------------------------------------------------------
78 {{#targets}}
79 ;---------------------------------------------------------------------------------
80 ;----         M A I N    P A R T    O F   T H E   S E R V I C E               ----
81 ;---------------------------------------------------------------------------------
82 %begin systemd-unit
83 # auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
84 %nl
85 %systemd-unit system
86 %systemd-unit service afm-{{#required-permission.urn:AGL:permission::public:hidden}}service{{/required-permission.urn:AGL:permission::public:hidden}}{{^required-permission.urn:AGL:permission::public:hidden}}appli{{/required-permission.urn:AGL:permission::public:hidden}}-{{:id}}--{{:ver}}--{{:#target}}@
87 [Unit]
88 Description={{description}}
89 X-AFM-description={{description}}
90 X-AFM-name={{name.content}}
91 X-AFM-shortname={{name.short}}
92 X-AFM-id={{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}
93 X-AFM-version={{:version}}
94 X-AFM-author={{author.content}}
95 X-AFM-author-email={{author.email}}
96 X-AFM-width={{width}}
97 X-AFM-height={{height}}
98 {{#icon}}
99 X-AFM-icon={{:#metadata.install-dir}}/{{:src}}
100 {{/icon}}
101 X-AFM--ID={{:id}}
102 X-AFM--target-name={{:#target}}
103 X-AFM--content={{content.src}}
104 X-AFM--type={{content.type}}
105 X-AFM--wgtdir={{:#metadata.install-dir}}
106 X-AFM--workdir=/home/%i/app-data/{{:id}}
107 %nl
108 Requires=afm-user-session@%i.target
109 After=user@%i.service
110 # Adds check to smack
111 ConditionSecurity=smack
112 %nl
113 # Automatic bound to required api
114 {{#required-api}}
115 {{#value=auto|ws}}
116 BindsTo=afm-api-ws-{{name}}@%i.socket
117 After=afm-api-ws-{{name}}@%i.socket
118 {{/value=auto|ws}}
119 {{/required-api}}
120 {{#provided-api}}
121 {{#value=ws|auto}}
122 Requires=afm-api-ws-{{name}}@%i.socket
123 After=afm-api-ws-{{name}}@%i.socket
124 {{/value=ws|auto}}
125 {{/provided-api}}
126 %nl
127 [Service]
128 EnvironmentFile=-@afm_confdir@/unit.env.d/*
129 SmackProcessLabel=User::App::{{:id}}
130 SuccessExitStatus=0 SIGKILL
131 User=%i
132 Slice=user-%i.slice
133 #CapabilityBoundingSet=
134 #AmbientCapabilities=
135 {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
136 {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
137 {{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
138 {{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}}
139 %nl
140 WorkingDirectory=-/home/%i/app-data/{{:id}}
141 ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}}
142 Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
143 Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}/bin
144 Environment=LD_LIBRARY_PATH={{:#metadata.install-dir}}/lib
145 Environment=XDG_DATA_HOME=/home/%i/app-data/{{:id}}
146 Environment=XDG_CONFIG_HOME=/home/%i/app-data/{{:id}}
147 Environment=XDG_CACHE_HOME=/home/%i/app-data/{{:id}}
148 Environment=XDG_RUNTIME_DIR=@afm_users_rundir@/%i
149 Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=@afm_users_rundir@/%i/bus
150 SyslogIdentifier=afbd-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}
151 StandardInput=null
152 StandardOutput=journal
153 StandardError=journal
154 ;---------------------------------------------------------------------------------
155 ;----   text/html  application/vnd.agl.native  application/vnd.agl.service    ----
156 ;---------------------------------------------------------------------------------
157 {{#content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}}
158 {{^content.type=application/vnd.agl.service}}
159 X-AFM--http-port={{:#metadata.http-port}}
160 {{/content.type=application/vnd.agl.service}}
161 Type=notify
162 ExecStart=/usr/bin/afb-daemon \
163         --name afbd-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} \
164         --rootdir={{:#metadata.install-dir}} \
165         --workdir=/home/%i/app-data/{{id}} \
166         {{#content.type=application/vnd.agl.service}} \
167                 --no-httpd \
168         {{/content.type=application/vnd.agl.service}}{{^content.type=application/vnd.agl.service}} \
169                 --port={{:#metadata.http-port}} \
170                 --random-token \
171                 --roothttp={{#required-permission.urn:AGL:permission::public:no-htdocs}}.{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{^required-permission.urn:AGL:permission::public:no-htdocs}}htdocs{{/required-permission.urn:AGL:permission::public:no-htdocs}} \
172         {{/content.type=application/vnd.agl.service}} \
173         {{#required-permission.urn:AGL:permission::public:applications:read}}--alias=/icons:{{:#metadata.icons-dir}}{{/required-permission.urn:AGL:permission::public:applications:read}} \
174         {{#required-api}} \
175                 {{#value=auto|ws}}--ws-client=unix:@afm_users_rundir@/%i/apis/ws/{{name}}{{/value=auto|ws}} \
176                 {{#value=dbus}}--dbus-client={{name}}{{/value=dbus}} \
177                 {{#value=link}}--binding=@afm_users_rundir@/%i/apis/lib/{{name}}{{/value=link}} \
178                 {{#value=cloud}}--cloud-client={{name}}{{/value=cloud}} \
179                 {{#value=local}}--binding={{:#metadata.install-dir}}/{{name}}{{/value=local}} \
180         {{/required-api}} \
181         {{#provided-api}} \
182                 {{#value=auto|ws}}--ws-server=sd:{{name}}{{/value=auto|ws}} \
183                 {{#value=dbus}}--dbus-server={{name}}{{/value=dbus}} \
184         {{/provided-api}} \
185         {{#content.type=text/html}}--exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t{{/content.type=text/html}} \
186         {{#content.type=application/vnd.agl.native}}--exec {{:#metadata.install-dir}}/{{content.src}} @p @t{{/content.type=application/vnd.agl.native}}
187 {{/content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}}
188 ;---------------------------------------------------------------------------------
189 ;----                 application/x-executable                                ----
190 ;---------------------------------------------------------------------------------
191 {{#content.type=application/x-executable}}
192 ExecStart={{:#metadata.install-dir}}/{{content.src}}
193 {{/content.type=application/x-executable}}
194 {{#required-permission.urn:AGL:permission::system:run-by-default}}
195 ;---------------------------------------------------------------------------------
196 ; auto start
197 ;---------------------------------------------------------------------------------
198 [Install]
199 WantedBy=afm-user-session@.target
200 %systemd-unit wanted-by afm-user-session@.target
201 {{/required-permission.urn:AGL:permission::system:run-by-default}}
202 %end systemd-unit
203 ;---------------------------------------------------------------------------------
204 ;----        P R O V I D E D   A P I S                                        ----
205 ;---------------------------------------------------------------------------------
206 {{#provided-api}}
207 {{#value=ws|auto}}
208 %begin systemd-unit
209 # auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
210 %systemd-unit system
211 %systemd-unit socket afm-api-ws-{{name}}@
212 [Unit]
213 Description=Provides api {{name}} for user %i
214 After=user@%i.service
215 DefaultDependencies=no
216 [Socket]
217 SmackLabel=*
218 SmackLabelIPIn=System
219 SmackLabelIPOut=System
220 ListenStream=@afm_users_rundir@/%i/apis/ws/{{name}}
221 FileDescriptorName={{name}}
222 Service=afm-{{#required-permission.urn:AGL:permission::public:hidden}}service{{/required-permission.urn:AGL:permission::public:hidden}}{{^required-permission.urn:AGL:permission::public:hidden}}appli{{/required-permission.urn:AGL:permission::public:hidden}}-{{:id}}--{{:ver}}--{{:#target}}@%i.service
223 %nl
224 [Install]
225 WantedBy=afm-user-session@.target
226 %systemd-unit wanted-by afm-user-session@.target
227 %end systemd-unit
228 {{/value=ws|auto}}
229 {{/provided-api}}
230 {{/targets}}
231 ;---------------------------------------------------------------------------------
232 ; End of file afm-unit.conf mode RELEASE
233 ;---------------------------------------------------------------------------------