Change dummy file used in privacy-mount.

- Previously, /dev/null is used for dummy file mount.
- No error was returned, in case un-privileged app process tried
  to access there.
- To create an error, the dummy file which only root processes
  can be accessed is used for privacy-mount.

Change-Id: If7a31f66420d1311e278e52911a67e4aa94f7696

diff --git a/config/update_privacy_mount_list.sh b/config/update_privacy_mount_list.sh
index 58d20e7807db991e0ed00fd5569f662212b5509c..526a7e71dcc03dae2e58034fc1000ac607e9645f 100644 (file)
--- a/config/update_privacy_mount_list.sh
+++ b/config/update_privacy_mount_list.sh
@@ -6,7 +6,7 @@ PRIVACY_LIST="/usr/share/security-config/privacy.list"
 PRIVILEGE_GROUP_LIST="/usr/share/security-manager/policy/privilege-group.list"
 PRIVILEGE_MOUNT_LIST="/usr/share/security-manager/policy/privilege-mount.list"
 DUMMY_DIR="/usr/share/security-manager/dummy"
-DUMMY_FILE="/dev/null"
+DUMMY_FILE="/opt/share/security-config/dummy_file"
 
 # function : check whether this is a sub directory or file of previous ones : To avoid the meaningless cynara check and bind mount
 # args : $1 : privilege, $2 : directory

diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index a3ffbc335acd75d3a39c9d766434726d78ff38fa..74b69151f9db73739bb3384392f7ec80b926b442 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -75,6 +75,8 @@ mkdir -p /opt/share/security-config/log
 touch /opt/share/askuser_disable
 chmod 600 /opt/share/askuser_disable
 ln -s %{SECURITY_TEST_DIR} /opt/share/security-config/test
+touch /opt/share/security-config/dummy_file
+chmod 600 /opt/share/security-config/dummy_file
 
 %post profile_mobile
 mv %{SECURITY_TEST_DIR}//capability_test/mobile/* %{SECURITY_TEST_DIR}/capability_test/