SET(VERSION "${VERSION_MAJOR}.0.2")
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/group_id_setting DESTINATION /usr/share/security-config)
-INSTALL(FILES ${CMAKE_SOURCE_DIR}/labeling/set_label DESTINATION /usr/share/security-config)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/set_label DESTINATION /usr/share/security-config)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/set_capability DESTINATION /usr/share/security-config)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/lib/tmpfiles.d/)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/10.security.upgrade.sh DESTINATION /usr/share/upgrade/scripts)
IF("${PROFILE}" STREQUAL "mobile" OR "${PROFILE}" STREQUAL "wearable")
INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
%attr(755,root,root) /usr/share/security-config/test/path_check_test/*
%attr(755,root,root) /usr/share/security-config/test/smack_basic_test/*
%attr(755,root,root) /usr/share/security-config/test/security_mount_option_test/*
+%attr(755,root,root) /usr/share/upgrade/scripts/10.security.upgrade.sh
%attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
%attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
%if ("%{?profile}" == "mobile" || "%{?profile}" == "wearable")
--- /dev/null
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+#--------------------------------------
+# RW patch for FOTA/FUS upgrade
+#--------------------------------------
+# 2.x rw partition security directoy
+APPLICATION_RULES=/opt/dbspace/.rules_file
+PRIVILEGE_CONTROL_CACHE_DIR=/opt/data/privilege-control-cache
+SECURITY_SERVER_DB=/opt/dbspace/.rules-db.db3
+SECURITY_SERVER_DB_JOURNAL=/opt/dbspace/.rules-db.db3-journal
+SECURITY_SERVER_DIR=/opt/data/security-server
+
+# 3.0 rw partition security directoy
+AUTH_FW_DIR=/opt/data/auth-fw
+CYNARA_DIR=/opt/var/cynara
+SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
+SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
+SECURITY_MANAGER_DIR=/opt/var/security-manager
+
+
+#--------------------------------------
+# Start
+#--------------------------------------
+# remove non used directories/files
+rm $APPLICATION_RULES
+rm $SECURITY_SERVER_DB
+rm $SECURITY_SERVER_DB_JOURNAL
+if [ -d $PRIVILEGE_CONTROL_CACHE_DIR ]; then
+ rm -r $PRIVILEGE_CONTROL_CACHE_DIR
+fi
+
+# move 2.x password files managed by security-server to auth-fw directory
+mkdir $AUTH_FW_DIR
+mkdir $AUTH_FW_DIR/5001
+chmod 770 $AUTH_FW_DIR
+chmod 700 $AUTH_FW_DIR/5001
+if [ -d $SECURITY_SERVER_DIR ]; then
+ mv $SECURITY_SERVER_DIR/* $AUTH_FW_DIR/5001
+ chmod 600 $AUTH_FW_DIR/5001/*
+ rm -r $SECURITY_SERVER_DIR
+fi
+
+find $AUTH_FW_DIR -exec chown security_fw:security_fw {} +
+find $AUTH_FW_DIR -exec chsmack -a System {} +
+
+# make Cynara and Security-manager directories/files in rw partition
+mkdir $CYNARA_DIR
+chmod 700 $CYNARA_DIR
+chown cynara:cynara $CYNARA_DIR
+chsmack -a '_' $CYNARA_DIR
+
+mkdir $SECURITY_MANAGER_DIR
+mkdir $SECURITY_MANAGER_DIR/owner
+mkdir $SECURITY_MANAGER_DIR/rules
+mkdir $SECURITY_MANAGER_DIR/rules-merged
+touch $SECURITY_MANAGER_DIR/apps-names
+touch $SECURITY_MANAGER_DIR/owner/apps-names
+touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+chmod 711 $SECURITY_MANAGER_DIR
+chmod 711 $SECURITY_MANAGER_DIR/owner
+chmod 700 $SECURITY_MANAGER_DIR/rules
+chmod 700 $SECURITY_MANAGER_DIR/rules-merged
+chmod 444 $SECURITY_MANAGER_DIR/apps-names
+chmod 444 $SECURITY_MANAGER_DIR/owner/apps-names
+chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+
+find $SECURITY_MANAGER_DIR -exec chown root:root {} +
+find $SECURITY_MANAGER_DIR -exec chsmack -a '_' {} +
+
+# init Cynara and Security-manager database
+touch $SECURITY_MANAGER_DB
+touch $SECURITY_MANAGER_DB_JOURNAL
+
+/usr/sbin/cynara-db-migration install -t 0.14.0
+/usr/share/security-manager/db/update.sh
+/usr/bin/security-manager-policy-reload
+
+chmod 600 $SECURITY_MANAGER_DB
+chmod 600 $SECURITY_MANAGER_DB_JOURNAL
+chown root:root $SECURITY_MANAGER_DB
+chown root:root $SECURITY_MANAGER_DB_JOURNAL
+chsmack -a System $SECURITY_MANAGER_DB
+chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
+
projects / platform / core / security / security-config.git / commitdiff