INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/lib/tmpfiles.d/)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
-INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/10.security.upgrade.sh DESTINATION /usr/share/upgrade/scripts)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/011.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
IF("${PROFILE}" STREQUAL "mobile" OR "${PROFILE}" STREQUAL "wearable")
INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
%attr(755,root,root) /usr/share/security-config/test/path_check_test/*
%attr(755,root,root) /usr/share/security-config/test/smack_basic_test/*
%attr(755,root,root) /usr/share/security-config/test/security_mount_option_test/*
-%attr(755,root,root) /usr/share/upgrade/scripts/10.security.upgrade.sh
+%attr(755,root,root) /usr/share/upgrade/scripts/011.security_upgrade.sh
%attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
%attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
%if ("%{?profile}" == "mobile" || "%{?profile}" == "wearable")
--- /dev/null
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+#--------------------------------------
+# RW patch for FOTA/FUS upgrade
+#--------------------------------------
+# 2.x rw partition security directoy
+APPLICATION_RULES=/opt/dbspace/.rules_file
+PRIVACY_DB=/opt/dbspace/.privacy.db
+PRIVACY_DB_JOURNAL=/opt/dbspace/.privacy.db-journal
+PRIVACYLIST_DB=/opt/dbspace/.privacylist.db
+PRIVILEGE_CONTROL_CACHE_DIR=/opt/data/privilege-control-cache
+SECURITY_SERVER_DB=/opt/dbspace/.rules-db.db3
+SECURITY_SERVER_DB_JOURNAL=/opt/dbspace/.rules-db.db3-journal
+SECURITY_SERVER_DIR=/opt/data/security-server
+SMACK_LABELING_FLAG_FILES=/opt/data/.smack_*
+
+# 3.0 rw partition security directoy
+AUTH_FW_DIR=/opt/data/auth-fw
+CYNARA_DIR=/opt/var/cynara
+SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
+SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
+SECURITY_MANAGER_DIR=/opt/var/security-manager
+
+
+#--------------------------------------
+# Start
+#--------------------------------------
+# remove non used directories/files
+rm $APPLICATION_RULES
+rm $PRIVACY_DB
+rm $PRIVACY_DB_JOURNAL
+rm $PRIVACYLIST_DB
+rm $SECURITY_SERVER_DB
+rm $SECURITY_SERVER_DB_JOURNAL
+rm $SMACK_LABELING_FLAG_FILES
+if [ -d $PRIVILEGE_CONTROL_CACHE_DIR ]; then
+ rm -r $PRIVILEGE_CONTROL_CACHE_DIR
+fi
+
+# move 2.x password files managed by security-server to auth-fw directory
+mkdir $AUTH_FW_DIR
+mkdir $AUTH_FW_DIR/5001
+chmod 770 $AUTH_FW_DIR
+chmod 700 $AUTH_FW_DIR/5001
+if [ -d $SECURITY_SERVER_DIR ]; then
+ mv $SECURITY_SERVER_DIR/attempt $AUTH_FW_DIR/5001
+ mv $SECURITY_SERVER_DIR/password $AUTH_FW_DIR/5001/password.old
+ chmod 600 $AUTH_FW_DIR/5001/*
+ rm -r $SECURITY_SERVER_DIR
+fi
+
+find $AUTH_FW_DIR -exec chown security_fw:security_fw {} +
+find $AUTH_FW_DIR -exec chsmack -a System {} +
+
+# make Cynara and Security-manager directories/files in rw partition
+mkdir $CYNARA_DIR
+chmod 700 $CYNARA_DIR
+chown cynara:cynara $CYNARA_DIR
+chsmack -a '_' $CYNARA_DIR
+
+mkdir $SECURITY_MANAGER_DIR
+mkdir $SECURITY_MANAGER_DIR/owner
+mkdir $SECURITY_MANAGER_DIR/rules
+mkdir $SECURITY_MANAGER_DIR/rules-merged
+touch $SECURITY_MANAGER_DIR/apps-names
+touch $SECURITY_MANAGER_DIR/owner/apps-names
+touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+chmod 711 $SECURITY_MANAGER_DIR
+chmod 711 $SECURITY_MANAGER_DIR/owner
+chmod 700 $SECURITY_MANAGER_DIR/rules
+chmod 700 $SECURITY_MANAGER_DIR/rules-merged
+chmod 444 $SECURITY_MANAGER_DIR/apps-names
+chmod 444 $SECURITY_MANAGER_DIR/owner/apps-names
+chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+
+find $SECURITY_MANAGER_DIR -exec chown root:root {} +
+find $SECURITY_MANAGER_DIR -exec chsmack -a '_' {} +
+
+# init Cynara and Security-manager database
+touch $SECURITY_MANAGER_DB
+touch $SECURITY_MANAGER_DB_JOURNAL
+
+/usr/sbin/cynara-db-migration install -t 0.14.0
+/usr/share/security-manager/db/update.sh
+/usr/bin/security-manager-policy-reload
+
+chmod 600 $SECURITY_MANAGER_DB
+chmod 600 $SECURITY_MANAGER_DB_JOURNAL
+chown root:root $SECURITY_MANAGER_DB
+chown root:root $SECURITY_MANAGER_DB_JOURNAL
+chsmack -a System $SECURITY_MANAGER_DB
+chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
+
+# Common Smack labeling
+/usr/share/security-config/set_label
+
+# restart services
+systemctl restart security-manager.service
+systemctl reset-failed cynara.service
+systemctl restart cynara.service
+++ /dev/null
-#!/bin/sh
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-#--------------------------------------
-# RW patch for FOTA/FUS upgrade
-#--------------------------------------
-# 2.x rw partition security directoy
-APPLICATION_RULES=/opt/dbspace/.rules_file
-PRIVACY_DB=/opt/dbspace/.privacy.db
-PRIVACY_DB_JOURNAL=/opt/dbspace/.privacy.db-journal
-PRIVACYLIST_DB=/opt/dbspace/.privacylist.db
-PRIVILEGE_CONTROL_CACHE_DIR=/opt/data/privilege-control-cache
-SECURITY_SERVER_DB=/opt/dbspace/.rules-db.db3
-SECURITY_SERVER_DB_JOURNAL=/opt/dbspace/.rules-db.db3-journal
-SECURITY_SERVER_DIR=/opt/data/security-server
-SMACK_LABELING_FLAG_FILES=/opt/data/.smack_*
-
-# 3.0 rw partition security directoy
-AUTH_FW_DIR=/opt/data/auth-fw
-CYNARA_DIR=/opt/var/cynara
-SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
-SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
-SECURITY_MANAGER_DIR=/opt/var/security-manager
-
-
-#--------------------------------------
-# Start
-#--------------------------------------
-# remove non used directories/files
-rm $APPLICATION_RULES
-rm $PRIVACY_DB
-rm $PRIVACY_DB_JOURNAL
-rm $PRIVACYLIST_DB
-rm $SECURITY_SERVER_DB
-rm $SECURITY_SERVER_DB_JOURNAL
-rm $SMACK_LABELING_FLAG_FILES
-if [ -d $PRIVILEGE_CONTROL_CACHE_DIR ]; then
- rm -r $PRIVILEGE_CONTROL_CACHE_DIR
-fi
-
-# move 2.x password files managed by security-server to auth-fw directory
-mkdir $AUTH_FW_DIR
-mkdir $AUTH_FW_DIR/5001
-chmod 770 $AUTH_FW_DIR
-chmod 700 $AUTH_FW_DIR/5001
-if [ -d $SECURITY_SERVER_DIR ]; then
- mv $SECURITY_SERVER_DIR/attempt $AUTH_FW_DIR/5001
- mv $SECURITY_SERVER_DIR/password $AUTH_FW_DIR/5001/password.old
- chmod 600 $AUTH_FW_DIR/5001/*
- rm -r $SECURITY_SERVER_DIR
-fi
-
-find $AUTH_FW_DIR -exec chown security_fw:security_fw {} +
-find $AUTH_FW_DIR -exec chsmack -a System {} +
-
-# make Cynara and Security-manager directories/files in rw partition
-mkdir $CYNARA_DIR
-chmod 700 $CYNARA_DIR
-chown cynara:cynara $CYNARA_DIR
-chsmack -a '_' $CYNARA_DIR
-
-mkdir $SECURITY_MANAGER_DIR
-mkdir $SECURITY_MANAGER_DIR/owner
-mkdir $SECURITY_MANAGER_DIR/rules
-mkdir $SECURITY_MANAGER_DIR/rules-merged
-touch $SECURITY_MANAGER_DIR/apps-names
-touch $SECURITY_MANAGER_DIR/owner/apps-names
-touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
-chmod 711 $SECURITY_MANAGER_DIR
-chmod 711 $SECURITY_MANAGER_DIR/owner
-chmod 700 $SECURITY_MANAGER_DIR/rules
-chmod 700 $SECURITY_MANAGER_DIR/rules-merged
-chmod 444 $SECURITY_MANAGER_DIR/apps-names
-chmod 444 $SECURITY_MANAGER_DIR/owner/apps-names
-chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
-
-find $SECURITY_MANAGER_DIR -exec chown root:root {} +
-find $SECURITY_MANAGER_DIR -exec chsmack -a '_' {} +
-
-# init Cynara and Security-manager database
-touch $SECURITY_MANAGER_DB
-touch $SECURITY_MANAGER_DB_JOURNAL
-
-/usr/sbin/cynara-db-migration install -t 0.14.0
-/usr/share/security-manager/db/update.sh
-/usr/bin/security-manager-policy-reload
-
-chmod 600 $SECURITY_MANAGER_DB
-chmod 600 $SECURITY_MANAGER_DB_JOURNAL
-chown root:root $SECURITY_MANAGER_DB
-chown root:root $SECURITY_MANAGER_DB_JOURNAL
-chsmack -a System $SECURITY_MANAGER_DB
-chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
-
-# Common Smack labeling
-/usr/share/security-config/set_label
-
-# restart services
-systemctl restart security-manager.service
-systemctl reset-failed cynara.service
-systemctl restart cynara.service
projects / platform / core / security / security-config.git / commitdiff