Change installer's subject SMACK label to System

Both global and per-user pkg DB files have SMACK label as
System::Shared, which allows User labeled subjects to read, and System
labeled subjects to read/write.
To write pkg DB files, the SMACK label of the app installers is changed
to System.
Note that the global pkg DB files in /usr/dbspace/ are still protected
with DAC, as their owner is tizenglobalapp.

Change-Id: Ie193da8901a296e6489c4927ac4a0d3510b741f7
Signed-off-by: Youmin Ha <youmin.ha@samsung.com>

diff --git a/packaging/tpk-backend.manifest b/packaging/tpk-backend.manifest
index 925f49b..2e74c2c 100644 (file)
--- a/packaging/tpk-backend.manifest
+++ b/packaging/tpk-backend.manifest
@@ -3,6 +3,6 @@
                 <domain name="_" />
         </request>
         <assign>
-                <filesystem path="/usr/bin/tpk-backend" exec_label="User" />
+                <filesystem path="/usr/bin/tpk-backend" exec_label="System" />
         </assign>
 </manifest>

diff --git a/packaging/wgt-backend.manifest b/packaging/wgt-backend.manifest
index 55125da..41399fb 100644 (file)
--- a/packaging/wgt-backend.manifest
+++ b/packaging/wgt-backend.manifest
@@ -3,6 +3,6 @@
                 <domain name="_" />
         </request>
         <assign>
-                <filesystem path="/usr/bin/wgt-backend" exec_label="User" />
+                <filesystem path="/usr/bin/wgt-backend" exec_label="System" />
         </assign>
 </manifest>