#!/bin/sh
+DBSPACE=/opt/dbspace
+DBSPACE_RW=/opt/usr/dbspace
+APPS_DIR=/opt/apps
+SHARE_DIR=/opt/share
+
chown 5000:5000 /home/app
find /home/app -print0 | xargs -0 chsmack -a 'system::homedir'
find /home/app -type d -print0 | xargs -0 chsmack -t
-chsmack -a 'system::vconf' /opt/var/kdb/db
-chsmack -t /opt/var/kdb/db
+find /opt/usr/media -print0 | xargs -0 chsmack -a 'system::media'
+find /opt/usr/media -type d -print0 | xargs -0 chsmack -t
-# set vconf label when first boot
-if [ ! -e /opt/etc/.vconf_labeling ]; then
- find /opt/var/kdb/db -print0 | xargs -0 chsmack -a 'system::vconf'
- find /opt/var/kdb/db -type d -print0 | xargs -0 chsmack -t
- find /opt/var/kdb/file -print0 | xargs -0 chsmack -a 'system::vconf'
- find /opt/var/kdb/file -type d -print0 | xargs -0 chsmack -t
- find /var/run/memory -print0 | xargs -0 chsmack -a 'system::vconf'
- find /var/run/memory -type d -print0 | xargs -0 chsmack -t
- touch /opt/etc/.vconf_labeling
+chsmack -a 'system::share' /dev/shm
+chsmack -t /dev/shm
+
+if [ ! -e /opt/etc/.pkg_smack ]; then
+ /usr/bin/pkg_smack
+ touch /opt/etc/.pkg_smack
fi
+# set vconf label when first boot
+#if [ ! -e /opt/etc/.vconf_labeling ]; then
+# chsmack -a 'system::vconf' /opt/var/kdb/db
+# chsmack -t /opt/var/kdb/db
+# find /opt/var/kdb/db -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /opt/var/kdb/db -type d -print0 | xargs -0 chsmack -t
+# find /opt/var/kdb/file -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /opt/var/kdb/file -type d -print0 | xargs -0 chsmack -t
+# find /var/run/memory -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /var/run/memory -type d -print0 | xargs -0 chsmack -t
+# touch /opt/etc/.vconf_labeling
+#fi
+
# Set device node permissions for security
-chsmack -a 'system::camera' /dev/video1
-chsmack -a 'system::camera' /dev/s3c-jpg
-chsmack -a 'system::app_logging' /dev/log_main
-chsmack -a 'system::app_logging' /dev/log_events
-chsmack -a 'system::app_logging' /dev/log_radio
-chsmack -a 'system::sys_logging' /dev/log_system
-chsmack -a 'system::audio' /dev/snd/
-chsmack -a 'system::audio' /dev/snd/controlC0
-chsmack -a 'system::audio' /dev/snd/pcmC0D0p
-chsmack -a 'system::audio' /dev/snd/pcmC0D1p
-chsmack -a 'system::audio' /dev/snd/pcmC0D2p
-chsmack -a 'system::audio' /dev/snd/pcmC0D3p
-chsmack -a 'system::audio' /dev/snd/timer
-chsmack -a 'system::recording' /dev/snd/pcmC0D0c
-chsmack -a 'system::recording' /dev/snd/pcmC0D1c
-chsmack -a 'system::recording' /dev/snd/pcmC0D2c
-chsmack -a 'system::recording' /dev/snd/pcmC0D3c
-chsmack -a 'system::hwcodec' /dev/s3c-mfc
-chsmack -a 'system::hwcodec' /dev/video5
-chsmack -a 'system::hwcodec' /dev/video6
-chsmack -a 'system::video' /dev/fb0
-chsmack -a 'system::video' /dev/video0
-chsmack -a 'system::video' /dev/video2
-chsmack -a 'system::video' /dev/video3
-chsmack -a 'system::video' /dev/s3c-mem
-chsmack -a 'system::radio' /dev/radio0
-chsmack -a 'system::system_bklight' /sys/class/backlight/*/brightness
-chsmack -a 'system::system_torch' /sys/class/leds/leds-torch/brightness
+#chsmack -a 'system::system_bklight' /sys/class/backlight/*/brightness
+#chsmack -a '*' /sys/class/haptic/motor/level
+#chsmack -a '*' /sys/class/haptic/motor/enable
+#chsmack -a '*' /sys/class/haptic/motor/oneshot
+#chsmack -a '*' /sys/class/extension/mdnie/mode
+#chsmack -a '*' /sys/class/extension/mdnie/scenario
+#chsmack -a '*' /sys/class/extension/mdnie/tone
+#chsmack -a '*' /sys/class/extension/mdnie/outdoor
+#chsmack -a '*' /sys/class/extension/mdnie/tune
+#chsmack -a '*' /sys/class/camera/flash/rear_flash
+#chsmack -a '*' /sys/class/camera/flash/max_brightness
echo "0.0.0.0/1 system::use_internet" >> /smack/netlabel
echo "128.0.0.0/1 system::use_internet" >> /smack/netlabel
echo "127.0.0.1 -CIPSO" >> /smack/netlabel
echo "192.168.129.1 @" >> /smack/netlabel
+echo "system::use_internet" > /smack/ambient
# Set label to database files
-chsmack -a 'ail::db' /opt/dbspace/.app_info.db*
-chsmack -a 'media-data::db' /opt/dbspace/.media.db*
-chsmack -a 'syspopup::db' /opt/dbspace/.syspopup.db*
-chsmack -a 'notification::db' /opt/dbspace/.notification.db*
-chsmack -a 'rua::db' /opt/dbspace/.rua.db*
-chsmack -a 'libaccounts-svc::db' /opt/dbspace/.account.db*
-chsmack -a 'wrt-security::db_ace' /opt/dbspace/.ace.db*
-chsmack -a 'wrt-security::db_vcore' /opt/dbspace/.vcore.db*
-chsmack -a 'libslp-alarm::db' /opt/dbspace/.alarm.db*
-chsmack -a 'alarm-server::db' /opt/dbspace/.alarmmgr.db*
-chsmack -a 'app-svc::db' /opt/dbspace/.appsvc.db*
-chsmack -a 'allshare::db' /opt/dbspace/.asf_server.db*
-chsmack -a 'libsocial-service::db' /opt/dbspace/.urlcache.db*
-chsmack -a 'aul::db' /opt/dbspace/.mida.db*
-chsmack -a 'wrt-commons::db_wrt' /opt/dbspace/.wrt.db*
-chsmack -a 'wrt-commons::db_wrt_autosave' /opt/dbspace/.wrt_autosave.db*
-chsmack -a 'msg-service::db' /opt/dbspace/.msg_service.db*
-chsmack -a 'calendar-service::db' /opt/usr/dbspace/.calendar-svc.db*
-chsmack -a 'email-service::db' /opt/dbspace/.email-service.db*
-chsmack -a 'push-service::db' /opt/dbspace/.push.db*
-chsmack -a 'browser::db_external' /opt/dbspace/.browser-history.db*
-chsmack -a 'browser::db_external' /opt/dbspace/.internet_bookmark.db*
-chsmack -a 'browser::db' /opt/apps/org.tizen.browser/data/db/.browser*
-chsmack -a 'mdm-server::db' /opt/dbspace/.mdm.db*
-chsmack -a 'eas-engine::db' /opt/dbspace/.eas-common.db*
-chsmack -a 'drmfw::db' /opt/dbspace/.drm.db*
-chsmack -a 'telephony_framework::db' /opt/dbspace/.dnet.db*
-chsmack -a 'bt_share::db' /opt/dbspace/.bluetooth_trasnfer.db*
-chsmack -a 'contacts-service::db' /opt/dbspace/.contacts-svc.db*
-chsmack -a 'oma-dm-service::db' /opt/dbspace/.dm_service.db*
-chsmack -a 'drmfw::db' /opt/dbspace/.dsapps.db*
-chsmack -a 'kies-via-wifi::db' /opt/dbspace/.kies_device.db*
-chsmack -a 'telephony_framework::db' /opt/dbspace/.mcc_mnc_oper_list.db*
-chsmack -a 'libslp-memo::db' /opt/dbspace/.memo.db*
-chsmack -a 'oma-dm-service::db' /opt/dbspace/.momanager.db*
-chsmack -a 'mss-server::db' /opt/dbspace/.mss_server.db*
-chsmack -a 'oma-dm-service::db' /opt/dbspace/.omadmagent.db*
-chsmack -a 'oma-ds-service::db' /opt/dbspace/.omasyncagent.db*
-chsmack -a 'phone-misc::db' /opt/dbspace/.phone-misc.db*
-chsmack -a 'webkit::db' /opt/dbspace/.webkit
-chsmack -a 'webkit::db' /opt/dbspace/.webkit/*
-chsmack -a 'worldclock::db' /opt/dbspace/.worldclock.db*
-chsmack -a 'resman::db' /opt/dbspace/.resman.db*
+chsmack -a 'libaccounts-svc::db' $DBSPACE/.account.db*
+#chsmack -a 'wrt-security::db_ace' $DBSPACE/.ace.db*
+chsmack -a 'libslp-alarm::db' $DBSPACE/.alarm.db*
+chsmack -a 'alarm-server::db' $DBSPACE/.alarmmgr.db*
+chsmack -a 'ail::db' $DBSPACE/.app_info.db*
+chsmack -a 'app-svc::db' $DBSPACE/.appsvc.db*
+chsmack -a 'bt_share::db' $DBSPACE/.bluetooth_trasnfer.db*
+chsmack -a 'telephony_framework::db' $DBSPACE/.dnet.db*
+chsmack -a 'telephony_framework::db' $DBSPACE/.mcc_mnc_oper_list.db*
+chsmack -a 'libslp-memo::db' $DBSPACE/.memo.db*
+chsmack -a 'aul::db' $DBSPACE/.mida.db*
+chsmack -a 'notification::db' $DBSPACE/.notification.db*
+chsmack -a 'push-service::db' $DBSPACE/.push.db*
+chsmack -a 'rua::db' $DBSPACE/.rua.db*
+chsmack -a 'syspopup::db' $DBSPACE/.syspopup.db*
+chsmack -a 'worldclock::db' $DBSPACE/.worldclock.db*
+chsmack -a 'wrt-commons::db_wrt' $DBSPACE/.wrt.db*
+chsmack -a 'wrt-commons::db_wrt_autosave' $DBSPACE/.wrt_autosave.db*
-# set app db label
-chsmack -a 'live-magazine::db' /opt/dbspace/.magazine.db*
-chsmack -a 'live-magazine::data' /opt/live/etc
-chsmack -t /opt/live/etc
-find /opt/share/live_magazine -print0 | xargs -0 chsmack -a 'live-magazine::data'
-find /opt/share/live_magazine -type d -print0 | xargs -0 chsmack -t
-chsmack -a 'dailybriefing' /opt/apps/com.samsung.dailybriefing-common/data/db/*
-chsmack -a 'menu-screen' /opt/apps/com.samsung.menu-screen/data/.menu.db*
+chsmack -a 'browser::db_external' $DBSPACE_RW/.browser-history.db*
+chsmack -a 'calendar-service::db' $DBSPACE_RW/.calendar-svc.db*
+chsmack -a 'contacts-service::db' $DBSPACE_RW/.contacts-svc.db*
+chsmack -a 'email-service::db' $DBSPACE_RW/.email-service.db*
+chsmack -a 'browser::db_external' $DBSPACE_RW/.internet_bookmark.db*
+chsmack -a 'media-data::db' $DBSPACE_RW/.media.db*
+chsmack -a 'msg-service::db' $DBSPACE_RW/.msg_service.db*
+chsmack -a 'browser::db' $APPS_DIR/org.tizen.browser/data/db/.browser*
projects / platform / core / security / libprivilege-control.git / blobdiff