crash-service: Permit service & app livedump API clients

The d-bus livedump_pid API can be used by both services and apps.

For service to use the API it should be member of (supplementary)
priv_livecoredumper group.

For application to use the API it should be given the
"http://tizen.org/privilege/internal/livecoredump" privilege.
However, it's internal privilege so it can't be given from the
application manifest. See 'livedumper' section in NOTES file
for hints.

Change-Id: I01586c2c00f7a15d2553e4284ce373a03f9433b1

diff --git a/src/crash-service/crash-service.conf b/src/crash-service/crash-service.conf
index 78eb60b..69bb35c 100644 (file)
--- a/src/crash-service/crash-service.conf
+++ b/src/crash-service/crash-service.conf
@@ -6,39 +6,33 @@
                <allow send_destination="org.tizen.system.diagnostics"
                       send_interface="org.tizen.system.diagnostics"
                       send_member="get_file"/>
-       </policy>
-       <policy user="root">
-               <allow own="org.tizen.system.crash.livedump"/>
+
                <allow send_destination="org.tizen.system.crash.livedump"
                       send_interface="org.tizen.system.crash.livedump"
                       send_member="livedump_pid"/>
        </policy>
        <policy user="crash_worker">
+               <allow own="org.tizen.system.crash.livedump"/>
+
                <allow own="org.tizen.system.diagnostics"/>
                <allow send_destination="org.tizen.system.diagnostics"
                       send_interface="org.tizen.system.diagnostics"
                       send_member="get_file"/>
        </policy>
-       <policy user="crash_worker">
-               <allow own="org.tizen.system.crash.livedump"/>
-               <allow send_destination="org.tizen.system.crash.livedump"
-                      send_interface="org.tizen.system.crash.livedump"
-                      send_member="livedump_pid"/>
-       </policy>
-       <policy user="stability_monitor">
+       <policy group="priv_livecoredump">
+               <!-- following section also permits applications with
+                    "http://tizen.org/privilege/internal/livecoredump"
+                    privilege, due to privilege -> gid mapping being used -->
                <allow send_destination="org.tizen.system.crash.livedump"
                       send_interface="org.tizen.system.crash.livedump"
                       send_member="livedump_pid"/>
        </policy>
        <policy context="default">
                <deny own="org.tizen.system.crash.livedump"/>
+               <deny send_destination="org.tizen.system.crash.livedump"/>
+
                <deny own="org.tizen.system.diagnostics"/>
                <deny send_destination="org.tizen.system.diagnostics"/>
-               <deny send_destination="org.tizen.system.crash.livedump"/>
-               <check privilege="http://tizen.org/privilege/internal/livecoredump"
-                      send_destination="org.tizen.system.crash.livedump"
-                      send_interface="org.tizen.system.crash.livedump"
-                      send_member="livedump_pid"/>
                <check send_destination="org.tizen.system.diagnostics"
                       send_interface="org.tizen.system.diagnostics"
                       send_member="get_file"