Implement adding new WRT rules in libprivilege-control
author Marcin Lis <m.lis@samsung.com>
Tue, 22 Oct 2013 18:14:55 +0000 (20:14 +0200)
committer Marcin Lis <m.lis@samsung.com>
Thu, 24 Oct 2013 13:25:36 +0000 (15:25 +0200)
commit 26ba7200921802f7bffff7d0ae2992460806cd06
tree e42f7e326697d4e37fa6d448801f32fbd04e67fd
parent 6d8e2b3d70ae722b0a54df06f121d1d0457fda9d
Implement adding new WRT rules in libprivilege-control

[Issue#]       SSDWSSP-599
[Feature]      Introduce a new option in perm_app_setup_path, which comes
               with a new enumeration literal for the parameter.
[Cause]        There is a need for WRT applications to label their own symbolic
               link to PluginProcess with label: "<wrt_app_label>.npruntime".

               This newly created label should have the following Smack accesses granted:
               <wrt_app_label>.npruntime   system::homedir              rxat
               <wrt_app_label>.npruntime   xorg                         rw
               <wrt_app_label>.npruntime   <wrt_app_label>              rxat

               The app should also have the following access:
               <wrt_app_label>             <wrt_app_label>.npruntime    rw

[Solution]     API change: PERM_APP_PATH_NPRUNTIME literal added to enum
               "app_path_type_t". Also, middleware can now use it in
               perm_app_setup_path to give a special EXEC label to an executable
               file or symbolic link and enable all required accesses.

IMPORTANT:     after installing any WRT (WGT) application use:
               // ------------------------------------------------
                    perm_app_setup_path(<wrt_app_id>,
                                        <path_to_symlink>,
                                        PERM_APP_PATH_NPRUNTIME);
               // ------------------------------------------------
               This will enable required permissions permanently.

[Verification] Build, install on target, run commands:
               #        sqlite3 /opt/dbspace/.rules-db.db3
               sqlite>  select * from app_path_type;
               sqlite>  select * from label_app_path_type_rule_view;

               After that verify that there is a row with "NPRUNTIME_PATH" in
               the first query result (in app_path_type table), and both
               "system::homedir|NPRUNTIME_PATH" and "xorg|NPRUNTIME_PATH"
               in the second result.

               Also run tests.

Change-Id: I2a3c396c5d8ef38fb49f78fb4c77ec0ec12af57f
db/rules-db-data.sql
db/rules-db.sql
db/rules-db.xml
include/common.h
include/privilege-control.h
include/rules-db-internals.h
include/rules-db.h
src/common.c
src/privilege-control.c
src/rules-db-internals.c
src/rules-db.c
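
The four Smack rules listed in the commit message can be checked against a rule listing after the label is set up. The following is an added example, not code from this commit or from libprivilege-control. It assumes a listing with one `subject object access` rule per line, that a later line for the same pair replaces an earlier one, and a 255-character label limit. The function names and the label `wrtapp1` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Turn an access string such as "rxat" or "r-x--" into a bitmask (one bit per letter). */
static unsigned parse_access(const char *s) {
    unsigned mask = 0;
    for (; *s; s++)
        if (strchr("rwxat", *s)) mask |= 1u << (*s - 'a');
    return mask;
}

/* Access granted for one subject/object pair; a later line replaces an earlier one (assumed). */
static unsigned granted(const char *rules, const char *subj, const char *obj) {
    char buf[600], s[256], o[256], a[16];
    unsigned mask = 0;
    while (*rules) {
        size_t n = strcspn(rules, "\n");   /* parse one line at a time */
        snprintf(buf, sizeof buf, "%.*s", (int)n, rules);
        if (sscanf(buf, "%255s %255s %15s", s, o, a) == 3 && !strcmp(s, subj) && !strcmp(o, obj))
            mask = parse_access(a);
        rules += n + (rules[n] == '\n');
    }
    return mask;
}

/* Bit i set: rule i from the commit message is absent or grants too little. */
unsigned missing_npruntime_rules(const char *rules, const char *app_label) {
    char np[256];   /* assumption: Smack labels are at most 255 characters */
    if (snprintf(np, sizeof np, "%s.npruntime", app_label) >= (int)sizeof np) return 0xF;
    const struct { const char *subj, *obj, *need; } req[] = {
        { np, "system::homedir", "rxat" }, { np, "xorg", "rw" },
        { np, app_label, "rxat" },         { app_label, np, "rw" },
    };
    unsigned missing = 0;
    for (unsigned i = 0; i < 4; i++) {
        unsigned need = parse_access(req[i].need);
        if ((granted(rules, req[i].subj, req[i].obj) & need) != need) missing |= 1u << i;
    }
    return missing;
}

static const char SAMPLE[] =   /* constructed listing; rule 2 lacks "at" on purpose */
    "wrtapp1.npruntime system::homedir rxat\n"
    "wrtapp1.npruntime xorg rw\n"
    "wrtapp1.npruntime wrtapp1 r-x--\n"
    "wrtapp1 wrtapp1.npruntime rw\n";
int main(void) {
    return printf("missing: 0x%x\n", missing_npruntime_rules(SAMPLE, "wrtapp1")) < 0;
}
```

A result of 0 means all four accesses are present. Bits 0 to 3 follow the order in which the commit message lists the rules.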