Change the label of the upgrade script.

Change-Id: Ibb6c482a69e976e64a778b65b5234c54500ff0bf

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a24d579aff50d96c71a5b067025ae2a90d286602..1cb6241308eb6a0ed8096550979d112e1cc8cb51 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,7 +14,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/set_capability DESTINATION /usr/share/s
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/lib/tmpfiles.d/)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
-INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/011.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
 
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)

diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index 8c8e3d19e162205657b4a87d57cd623ee622287a..37250990daff102e576979668bc33fa750a14c6f 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -101,7 +101,7 @@ rm /usr/share/security-config/test/capability_test/*
 %attr(755,root,root) /usr/share/security-config/test/path_check_test/*
 %attr(755,root,root) /usr/share/security-config/test/smack_basic_test/*
 %attr(755,root,root) /usr/share/security-config/test/security_mount_option_test/*
-%attr(755,root,root) /usr/share/upgrade/scripts/011.security_upgrade.sh
+%attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
 

diff --git a/upgrade/011.security_upgrade.sh b/upgrade/011.security_upgrade.sh
deleted file mode 100644 (file)
index 6f93203..0000000
--- a/upgrade/011.security_upgrade.sh
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/bin/sh
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-#--------------------------------------
-# RW patch for FOTA/FUS upgrade
-#--------------------------------------
-# 2.x rw partition security directoy
-APPLICATION_RULES=/opt/dbspace/.rules_file
-PRIVACY_DB=/opt/dbspace/.privacy.db
-PRIVACY_DB_JOURNAL=/opt/dbspace/.privacy.db-journal
-PRIVACYLIST_DB=/opt/dbspace/.privacylist.db
-PRIVILEGE_CONTROL_CACHE_DIR=/opt/data/privilege-control-cache
-SECURITY_SERVER_DB=/opt/dbspace/.rules-db.db3
-SECURITY_SERVER_DB_JOURNAL=/opt/dbspace/.rules-db.db3-journal
-SECURITY_SERVER_DIR=/opt/data/security-server
-SMACK_LABELING_FLAG_FILES=/opt/data/.smack_*
-
-# 3.0 rw partition security directoy
-AUTH_FW_DIR=/opt/data/auth-fw
-CYNARA_DIR=/opt/var/cynara
-SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
-SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
-SECURITY_MANAGER_DIR=/opt/var/security-manager
-
-
-#--------------------------------------
-# Start
-#--------------------------------------
-# remove non used directories/files
-rm $APPLICATION_RULES
-rm $PRIVACY_DB
-rm $PRIVACY_DB_JOURNAL
-rm $PRIVACYLIST_DB
-rm $SECURITY_SERVER_DB
-rm $SECURITY_SERVER_DB_JOURNAL
-rm $SMACK_LABELING_FLAG_FILES
-if [ -d $PRIVILEGE_CONTROL_CACHE_DIR ]; then
-    rm -r $PRIVILEGE_CONTROL_CACHE_DIR
-fi
-
-# move 2.x password files managed by security-server to auth-fw directory
-mkdir $AUTH_FW_DIR
-mkdir $AUTH_FW_DIR/5001
-chmod 770 $AUTH_FW_DIR
-chmod 700 $AUTH_FW_DIR/5001
-if [ -d $SECURITY_SERVER_DIR ]; then
-    mv $SECURITY_SERVER_DIR/attempt $AUTH_FW_DIR/5001
-    mv $SECURITY_SERVER_DIR/password $AUTH_FW_DIR/5001/password.old
-    chmod 600 $AUTH_FW_DIR/5001/*
-    rm -r $SECURITY_SERVER_DIR
-fi
-
-find $AUTH_FW_DIR -exec chown security_fw:security_fw {} +
-find $AUTH_FW_DIR -exec chsmack -a System {} +
-
-# make Cynara and Security-manager directories/files in rw partition
-mkdir $CYNARA_DIR
-chmod 700 $CYNARA_DIR
-chown cynara:cynara $CYNARA_DIR
-chsmack -a '_' $CYNARA_DIR
-
-mkdir $SECURITY_MANAGER_DIR
-mkdir $SECURITY_MANAGER_DIR/owner
-mkdir $SECURITY_MANAGER_DIR/rules
-mkdir $SECURITY_MANAGER_DIR/rules-merged
-touch $SECURITY_MANAGER_DIR/apps-labels
-touch $SECURITY_MANAGER_DIR/owner/apps-labels
-touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
-chmod 711 $SECURITY_MANAGER_DIR
-chmod 711 $SECURITY_MANAGER_DIR/owner
-chmod 700 $SECURITY_MANAGER_DIR/rules
-chmod 700 $SECURITY_MANAGER_DIR/rules-merged
-chmod 444 $SECURITY_MANAGER_DIR/apps-labels
-chmod 444 $SECURITY_MANAGER_DIR/owner/apps-labels
-chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
-
-find $SECURITY_MANAGER_DIR -exec chown root:root {} +
-find $SECURITY_MANAGER_DIR -exec chsmack -a '_' {} +
-
-# init Cynara and Security-manager database
-touch $SECURITY_MANAGER_DB
-touch $SECURITY_MANAGER_DB_JOURNAL
-
-/usr/sbin/cynara-db-migration install -t 0.14.0
-/usr/share/security-manager/db/update.sh
-/usr/bin/security-manager-policy-reload
-
-chmod 600 $SECURITY_MANAGER_DB
-chmod 600 $SECURITY_MANAGER_DB_JOURNAL
-chown root:root $SECURITY_MANAGER_DB
-chown root:root $SECURITY_MANAGER_DB_JOURNAL
-chsmack -a System $SECURITY_MANAGER_DB
-chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
-
-# Common Smack labeling
-/usr/share/security-config/set_label
-
-# restart services
-systemctl start security-manager
-systemctl start cynara
-
-# update default user to cynara db
-/usr/bin/security-manager-cmd --manage-users=add --uid=5001 --usertype=admin

diff --git a/upgrade/201.security_upgrade.sh b/upgrade/201.security_upgrade.sh
new file mode 100644 (file)
index 0000000..6f93203
--- /dev/null
+++ b/upgrade/201.security_upgrade.sh
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+#--------------------------------------
+# RW patch for FOTA/FUS upgrade
+#--------------------------------------
+# 2.x rw partition security directoy
+APPLICATION_RULES=/opt/dbspace/.rules_file
+PRIVACY_DB=/opt/dbspace/.privacy.db
+PRIVACY_DB_JOURNAL=/opt/dbspace/.privacy.db-journal
+PRIVACYLIST_DB=/opt/dbspace/.privacylist.db
+PRIVILEGE_CONTROL_CACHE_DIR=/opt/data/privilege-control-cache
+SECURITY_SERVER_DB=/opt/dbspace/.rules-db.db3
+SECURITY_SERVER_DB_JOURNAL=/opt/dbspace/.rules-db.db3-journal
+SECURITY_SERVER_DIR=/opt/data/security-server
+SMACK_LABELING_FLAG_FILES=/opt/data/.smack_*
+
+# 3.0 rw partition security directoy
+AUTH_FW_DIR=/opt/data/auth-fw
+CYNARA_DIR=/opt/var/cynara
+SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
+SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
+SECURITY_MANAGER_DIR=/opt/var/security-manager
+
+
+#--------------------------------------
+# Start
+#--------------------------------------
+# remove non used directories/files
+rm $APPLICATION_RULES
+rm $PRIVACY_DB
+rm $PRIVACY_DB_JOURNAL
+rm $PRIVACYLIST_DB
+rm $SECURITY_SERVER_DB
+rm $SECURITY_SERVER_DB_JOURNAL
+rm $SMACK_LABELING_FLAG_FILES
+if [ -d $PRIVILEGE_CONTROL_CACHE_DIR ]; then
+    rm -r $PRIVILEGE_CONTROL_CACHE_DIR
+fi
+
+# move 2.x password files managed by security-server to auth-fw directory
+mkdir $AUTH_FW_DIR
+mkdir $AUTH_FW_DIR/5001
+chmod 770 $AUTH_FW_DIR
+chmod 700 $AUTH_FW_DIR/5001
+if [ -d $SECURITY_SERVER_DIR ]; then
+    mv $SECURITY_SERVER_DIR/attempt $AUTH_FW_DIR/5001
+    mv $SECURITY_SERVER_DIR/password $AUTH_FW_DIR/5001/password.old
+    chmod 600 $AUTH_FW_DIR/5001/*
+    rm -r $SECURITY_SERVER_DIR
+fi
+
+find $AUTH_FW_DIR -exec chown security_fw:security_fw {} +
+find $AUTH_FW_DIR -exec chsmack -a System {} +
+
+# make Cynara and Security-manager directories/files in rw partition
+mkdir $CYNARA_DIR
+chmod 700 $CYNARA_DIR
+chown cynara:cynara $CYNARA_DIR
+chsmack -a '_' $CYNARA_DIR
+
+mkdir $SECURITY_MANAGER_DIR
+mkdir $SECURITY_MANAGER_DIR/owner
+mkdir $SECURITY_MANAGER_DIR/rules
+mkdir $SECURITY_MANAGER_DIR/rules-merged
+touch $SECURITY_MANAGER_DIR/apps-labels
+touch $SECURITY_MANAGER_DIR/owner/apps-labels
+touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+chmod 711 $SECURITY_MANAGER_DIR
+chmod 711 $SECURITY_MANAGER_DIR/owner
+chmod 700 $SECURITY_MANAGER_DIR/rules
+chmod 700 $SECURITY_MANAGER_DIR/rules-merged
+chmod 444 $SECURITY_MANAGER_DIR/apps-labels
+chmod 444 $SECURITY_MANAGER_DIR/owner/apps-labels
+chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+
+find $SECURITY_MANAGER_DIR -exec chown root:root {} +
+find $SECURITY_MANAGER_DIR -exec chsmack -a '_' {} +
+
+# init Cynara and Security-manager database
+touch $SECURITY_MANAGER_DB
+touch $SECURITY_MANAGER_DB_JOURNAL
+
+/usr/sbin/cynara-db-migration install -t 0.14.0
+/usr/share/security-manager/db/update.sh
+/usr/bin/security-manager-policy-reload
+
+chmod 600 $SECURITY_MANAGER_DB
+chmod 600 $SECURITY_MANAGER_DB_JOURNAL
+chown root:root $SECURITY_MANAGER_DB
+chown root:root $SECURITY_MANAGER_DB_JOURNAL
+chsmack -a System $SECURITY_MANAGER_DB
+chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
+
+# Common Smack labeling
+/usr/share/security-config/set_label
+
+# restart services
+systemctl start security-manager
+systemctl start cynara
+
+# update default user to cynara db
+/usr/bin/security-manager-cmd --manage-users=add --uid=5001 --usertype=admin