From: José Bollo
Date: Tue, 26 Nov 2019 20:27:44 +0000 (+0100)
Subject: wgtpkg-install: Add default permissions
X-Git-Tag: 8.99.2~3
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?p=src%2Fapp-framework-main.git;a=commitdiff_plain;h=581f99c340d6b697b3b503df683e4bdeb59736d1

wgtpkg-install: Add default permissions

Only one default permission is used now: "urn:AGL:token:valid" that is used to check token validity.

This adds in the cynagora database the rule

SMACKID * * urn:AGL:token:valid yes forever

That means that applications having a smack label installed by the framework behave as if they have a valid token, a token without any scope/permission but just valid.

This is needed during the transition to token based permission policy.

Bug-AGL: SPEC-2968
Change-Id: Ia5b1cc50e8308bfc29906346c5b159dca889519b
Signed-off-by: José Bollo
---

diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index bbeb2fe..0122eda 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -67,6 +67,10 @@ static const char key_http_port[] = "http-port";
 
 static uint32_t *port_bits = NULL;
 
+static const char *default_permissions[] = {
+ "urn:AGL:token:valid"
+};
+
 /*
 * normalize unit files: remove comments, remove heading blanks,
 * make single lines
@@ -527,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
 perm = next_usable_permission();
 }
 
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
 rc = secmgr_install();
 return rc;
 error2:
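Review bot: `default_permissions` has no comment saying that every entry is granted to each widget the framework installs, whatever the widget itself requests, which is the security-relevant fact anyone extending this table needs to see. I would add above it `/* granted unconditionally to every installed widget; transitional (SPEC-2968), keep this list minimal */`. The declaration could also be `static const char *const default_permissions[] = {` so that the pointers, not just the strings, are read-only and the table cannot be retargeted at run time.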
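Review bot: The added `INFO("permitting %s %s", ...)` line gives no indication that the grant is an implicit default rather than one the widget requested, and it reports a failed grant at INFO level, so an install log filtered above INFO loses the failure and an audit of the log cannot separate the two kinds of grant. I would word it `INFO("permitting default %s %s", perm, rc ? "FAILED!" : "success");` and log the `rc != 0` branch at the project's error level before `goto error2;`. Whether `secmgr_permit` accepts the same permission twice, when a widget also requests `urn:AGL:token:valid` itself, is not visible here and should be confirmed. `install_security` starts above the hunk and the `error2` handler continues below it.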