Fix and generalize generation of default "apps-names" configuration files

Per user "apps-names" files are used by recently merged functionality for
app label monitor for the application launcher.
The following fixes are provided:
- Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config
- Apply Smack labels in %post instead of %install to make the labels
  effective. RPM packages don't keep file xattrs, Smack labels must always
  be applied in package %post or in manifest.
- Mark the files as config files to avoid overwrite of apps-names in
  TZ_SYS_RW_APP when security-manager is upgraded

Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec
index ab7af8a..aef6987 100755 (executable)
--- a/packaging/security-manager.spec
+++ b/packaging/security-manager.spec
@@ -20,6 +20,7 @@ BuildRequires: pkgconfig(libcap)
 BuildRequires: pkgconfig(libsystemd-daemon)
 BuildRequires: pkgconfig(libsystemd-journal)
 BuildRequires: pkgconfig(libtzplatform-config)
+BuildRequires: tizen-platform-config-tools
 BuildRequires: pkgconfig(sqlite3)
 BuildRequires: pkgconfig(db-util)
 BuildRequires: pkgconfig(cynara-admin)
@@ -60,6 +61,8 @@ Requires(post): tizen-platform-config-tools
 %description policy
 Set of security rules that constitute security policy in the system
 
+%define TZ_SKEL_APP %(tzplatform-get TZ_USER_APP | cut -d= -f2 | sed "s|^$HOME|%{_sysconfdir}/skel|")
+
 %prep
 %setup -q
 cp %{SOURCE1} .
@@ -100,12 +103,9 @@ ln -s ../security-manager-rules-loader.service %{buildroot}/%{_unitdir}/basic.ta
 mkdir -p %{buildroot}/%{TZ_SYS_DB}
 touch %{buildroot}/%{TZ_SYS_DB}/.security-manager.db
 touch %{buildroot}/%{TZ_SYS_DB}/.security-manager.db-journal
-mkdir -p %{buildroot}%{_sysconfdir}/skel/apps_rw
-touch %{buildroot}%{_sysconfdir}/skel/apps_rw/apps-names
-chsmack -a _ %{buildroot}%{_sysconfdir}/skel/apps_rw/apps-names
-mkdir -p %{buildroot}%{TZ_SYS_RW_APP}
-touch %{buildroot}%{TZ_SYS_RW_APP}/apps-names
-chsmack -a _ %{buildroot}%{TZ_SYS_RW_APP}/apps-names
+
+install -m 0444 -D /dev/null %{buildroot}%{TZ_SKEL_APP}/apps-names
+install -m 0444 -D /dev/null %{buildroot}%{TZ_SYS_RW_APP}/apps-names
 
 %clean
 rm -rf %{buildroot}
@@ -125,9 +125,13 @@ if [ $1 = 2 ]; then
     systemctl restart security-manager.service
     %{_datadir}/security-manager/db/update.sh
 fi
+
 chsmack -a System %{TZ_SYS_DB}/.security-manager.db
 chsmack -a System %{TZ_SYS_DB}/.security-manager.db-journal
 
+chsmack -a _ %{TZ_SKEL_APP}/apps-names
+chsmack -a _ %{TZ_SYS_RW_APP}/apps-names
+
 %preun
 if [ $1 = 0 ]; then
     # unistall
@@ -157,8 +161,8 @@ fi
 %attr(755,root,root) %{_bindir}/security-manager-cleanup
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/50_security-manager-add.post
 %attr(755,root,root) %{_sysconfdir}/gumd/userdel.d/50_security-manager-remove.pre
-%attr(444,root,root) %{_sysconfdir}/skel/apps_rw/apps-names
-%attr(444,root,root) %{TZ_SYS_RW_APP}/apps-names
+%config(noreplace) %attr(444,root,root) %{TZ_SKEL_APP}/apps-names
+%config(noreplace) %attr(444,root,root) %{TZ_SYS_RW_APP}/apps-names
 %dir %attr(700,root,root) %{TZ_SYS_VAR}/security-manager/rules
 %dir %attr(700,root,root) %{TZ_SYS_VAR}/security-manager/rules-merged