Only one default permission is used now:
"urn:AGL:token:valid" that is used to check
token validity.
This adds in the cynagora database the rule
SMACKID * * urn:AGL:token:valid yes forever
That means that applications having a smack label
installed by the framework behave as if they have
a valid token, a token without any scope/permission
but just valid.
This is needed during the transition to token based
permission policy.
Bug-AGL: SPEC-2968
Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
static uint32_t *port_bits = NULL;
+static const char *default_permissions[] = {
+ "urn:AGL:token:valid"
+};
+
/*
* normalize unit files: remove comments, remove heading blanks,
* make single lines
perm = next_usable_permission();
}
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
rc = secmgr_install();
return rc;
error2: