projects / platform / hal / backend / rpi / device-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7915c75)
Add omitted file access control setting 00/320500/3 accepted/tizen/unified/20250305.160216 accepted/tizen/unified/x/20250306.020046
authorYunhee Seo <yuni.seo@samsung.com>
Tue, 4 Mar 2025 08:24:56 +0000 (17:24 +0900)
committerYunhee Seo <yuni.seo@samsung.com>
Tue, 4 Mar 2025 08:41:18 +0000 (17:41 +0900)
From hal-backend-device-rpi, there was no file access control configuration.
Depends on device node read/write policy, dac/smack rule configs are added.
hal-backend-device-rpi can support access control in the config rules.

Change-Id: Ib23745510b7d0b37b05c01cab1e4271237a2bf3a
Signed-off-by: Yunhee Seo <yuni.seo@samsung.com>
CMakeLists.txt patch | blob | history
conf/hal-backend-device-rpi.conf [new file with mode: 0644] patch | blob
packaging/hal-backend-device-rpi.spec patch | blob | history

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 391daa1e1452d6c36d03bbe8103441210209ea52..f24c91999fcebc4ffd507e8e568adb800d9590bc 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,6 +19,7 @@ ENDIF()
 INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include)
 
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE.Apache-2.0 DESTINATION ${HAL_LICENSE_DIR}/${PROJECT_NAME})
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/conf/hal-backend-device-rpi.conf DESTINATION /hal/lib/tmpfiles.d)
 
 ADD_SUBDIRECTORY(hw/board)
 ADD_SUBDIRECTORY(hw/display)
diff --git a/conf/hal-backend-device-rpi.conf b/conf/hal-backend-device-rpi.conf
new file mode 100644 (file)
index 0000000..635cd13
--- /dev/null
+++ b/conf/hal-backend-device-rpi.conf
@@ -0,0 +1,30 @@
+z      /sys/class/backlight/10-0045/brightness 0664    root    system_fw       -
+t      /sys/class/backlight/10-0045/brightness -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/class/backlight/10-0045/max_brightness     0664    root    system_fw       -
+t      /sys/class/backlight/10-0045/max_brightness     -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/devices/platform/rpi_ft5406/enable 0664    root    system_fw       -
+t      /sys/devices/platform/rpi_ft5406/enable -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/partition-ab.info   0664    root    system_fw       -
+t      /mnt/inform/partition-ab.info   -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/partition-ab-cloned.info    0664    root    system_fw       -
+t      /mnt/inform/partition-ab-cloned.info    -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/upgrade-progress-status.info        0664    root    system_fw       -
+t      /mnt/inform/upgrade-progress-status.info        -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/partition-a-status.info     0664    root    system_fw       -
+t      /mnt/inform/partition-a-status.info     -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/partition-b-status.info     0664    root    system_fw       -
+t      /mnt/inform/partition-b-status.info     -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/reboot-param.bin    0664    root    system_fw       -
+t      /mnt/inform/reboot-param.bin    -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/upgrade-state.info  0664    root    system_fw       -
+t      /mnt/inform/upgrade-state.info  -       -       -       -       security.SMACK64="System::Shared"
+z      /mnt/inform/upgrade-type.info   0664    root    system_fw       -
+t      /mnt/inform/upgrade-type.info   -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/firmware/devicetree/base/serial-number     0644    root    system_fw       -
+t      /sys/firmware/devicetree/base/serial-number     -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/kernel/debug/dri/0/gem_info        0644    root    system_fw       -
+t      /sys/kernel/debug/dri/0/gem_info        -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/kernel/debug/dri/1/gem_info        0644    root    system_fw       -
+t      /sys/kernel/debug/dri/1/gem_info        -       -       -       -       security.SMACK64="System::Shared"
+z      /sys/class/thermal/thermal_zone0/temp   0644    root    system_fw       -
+t      /sys/class/thermal/thermal_zone0/temp   -       -       -       -       security.SMACK64="System::Shared"
\ No newline at end of file
diff --git a/packaging/hal-backend-device-rpi.spec b/packaging/hal-backend-device-rpi.spec
index 1e108d9108d7820d2c413bb7c4ac0cfb75d0f916..6072c4c56bcefedb13dad2dd444af84caa1af092 100644 (file)
--- a/packaging/hal-backend-device-rpi.spec
+++ b/packaging/hal-backend-device-rpi.spec
@@ -65,6 +65,7 @@ install -m 644 hw/upgrade/* %{buildroot}%{_hal_sysconfdir}/upgrade
 
 %post
 /sbin/ldconfig
+systemd-tmpfiles /hal/lib/tmpfiles.d/hal-backend-device-rpi.conf --create
 
 %postun
 /sbin/ldconfig
@@ -112,3 +113,4 @@ popd
 %{_hal_sysconfdir}/peripheral-io/rpi4/gpio.ini
 %{_hal_sysconfdir}/upgrade/*
 %{_hal_libdir}/libhal-backend-device-display.rpi4.so
+/hal/lib/tmpfiles.d/hal-backend-device-rpi.conf
Domain: System / System Framework Device Management;