Chown token file instead of changing oded gid

Ode-fota is executed as system_shared uid/gid. The token file needs proper
access rights to be readable by ode-fota.

Chown() the token file to root:system_shared instead of modifying oded gid.

Change-Id: I83b12d3a95d4b23ed68f97d66d096befe0249c54

diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in
index 02aca38..85e19c6 100644 (file)
--- a/server/systemd/ode.service.in
+++ b/server/systemd/ode.service.in
@@ -4,7 +4,6 @@ Before=deviced.service
 
 [Service]
 Type=simple
-Group=system_share
 SmackProcessLabel=System::Privileged
 ExecStart=@BIN_DIR@/@PROJECT_NAME@d
 Restart=on-failure

diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp
index 1cb33d4..80f1e92 100644 (file)
--- a/server/upgrade-support.cpp
+++ b/server/upgrade-support.cpp
@@ -20,6 +20,7 @@
 #include <dirent.h>
 #include <dlfcn.h>
 #include <fcntl.h>
+#include <unistd.h>
 
 #include <string>
 #include <algorithm>
@@ -28,6 +29,7 @@
 
 #include <klay/filesystem.h>
 #include <klay/exception.h>
+#include <klay/auth/group.h>
 
 #include <rmi/common.h>
 
@@ -50,6 +52,13 @@ const std::string UPGRADE_FLAG_PATH = "/opt/etc/.ode_upgrade_started";
 
 std::mutex opGuard;
 
+gid_t getSystemShareGid()
+{
+       static runtime::Group systemShare("system_share");
+
+       return systemShare.getGid();
+}
+
 // not thread-safe because of static member
 class KeyStoragePlugin {
 public:
@@ -187,6 +196,7 @@ void writeToken(runtime::File &file, const BinaryData& token)
        size_t tokenSize(token.size());
 
        file.create(S_IRUSR | S_IWUSR | S_IRGRP);
+       file.chown(getuid(), getSystemShareGid());
 
        file.write(&tokenSize, sizeof(tokenSize));
        file.write(token.data(), token.size());