Introduce localuser interface for applications

This change make use of nss-localuser hostname
family (see https://git.automotivelinux.org/src/nss-localuser/)
to separate applications and users, each running its
own IP address and hostname.

The intended behaviour is to use existing browser policy to
ensure privacy of applications and users.

Bug-AGL: SPEC-2968

Change-Id: Ie1a3c7331fd43e8747afae2cd338df461bac1454
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/conf/unit/binder.inc b/conf/unit/binder.inc
index ba5049e..81758fc 100644 (file)
--- a/conf/unit/binder.inc
+++ b/conf/unit/binder.inc
@@ -18,12 +18,14 @@ IF_AGL_DEVEL \
        --verbose \
        --monitoring \
        --port={{:#metatarget.http-port}} \
+       --interface=tcp:LOCALUSERAPP:8080 \
        --roothttp=ON_CONTENT(application/vnd.agl.service, ., ON_PERM(:public:no-htdocs, ., htdocs)) \
 ELSE \
        IF_CONTENT(application/vnd.agl.service) \
                --no-httpd \
        ELSE \
                --port={{:#metatarget.http-port}} \
+               --interface=tcp:LOCALUSERAPP:8080 \
                --roothttp=ON_PERM(:public:no-htdocs, ., htdocs) \
        ENDIF \
 ENDIF \
@@ -45,6 +47,6 @@ ENDIF \
                ON_VALUE(tcp,           --ws-server=tcp:{{name}}) \
        {{/provided-api}} \
        ON_PERM(:platform:apis:auto-ws, --auto-api=API_PATH_WS) \
-       ON_CONTENT(text/html,                   --exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t) \
+       ON_CONTENT(text/html,                   --exec /usr/bin/web-runtime http://LOCALUSERAPP:8080/{{content.src}}) \
        ON_CONTENT(application/vnd.agl.native,  --exec {{:#metadata.install-dir}}/{{content.src}} @p @t)
 %nl

diff --git a/conf/unit/macros.inc b/conf/unit/macros.inc
index f21dee5..2fc9bc5 100644 (file)
--- a/conf/unit/macros.inc
+++ b/conf/unit/macros.inc
@@ -76,6 +76,7 @@ define( `USER_API_PATH', `USER_RUN_DIR/apis')
 define( `USER_API_PATH_WS', `USER_API_PATH/ws')
 define( `USER_API_PATH_LINK', `USER_API_PATH/link')
 
+define( `LOCALUSERAPP', `ON_PERM(`:partner:scope-platform', `localuser---AFID', `localuser--AFID')')
 --------------------------------------------------------------------------------
 -- AGL_DEVEL SPECIFIC PARTS
 --------------------------------------------------------------------------------