wgtpkg-install: Add default permissions

Only one default permission is used now:
"urn:AGL:token:valid" that is used to check
token validity.

This adds in the cynagora database the rule

  SMACKID * * urn:AGL:token:valid yes forever

That means that applications having a smack label
installed by the framework behave as if they have
a valid token, a token without any scope/permission
but just valid.

This is needed during the transition to token based
permission policy.

Bug-AGL: SPEC-2968

Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644 (file)
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
 
 static uint32_t *port_bits = NULL;
 
+static const char *default_permissions[] = {
+       "urn:AGL:token:valid"
+};
+
 /*
  * normalize unit files: remove comments, remove heading blanks,
  * make single lines
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
                perm = next_usable_permission();
        }
 
+       /* install default permissions */
+       n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+       for (i = 0 ; i < n ; i++) {
+               perm = default_permissions[i];
+               rc = secmgr_permit(perm);
+               INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+               if (rc)
+                       goto error2;
+       }
+
        rc = secmgr_install();
        return rc;
 error2: