Add smack privilege as 'System::Tools' to device_board_* tools

To set privilege and prohibit accesses to the device_board_* commands,
smack label 'System::Tools' is added.

Change-Id: I41a20162372a46fa238e2091053db972cdb01364
Signed-off-by: SangYoun Kwak <sy.kwak@samsung.com>

diff --git a/packaging/deviced.spec b/packaging/deviced.spec
index 830d875e223db6444f33a84b4ef9d921587ca13e..4720036407b1ecaa944fbb18d4057ead2613491b 100644 (file)
--- a/packaging/deviced.spec
+++ b/packaging/deviced.spec
@@ -237,6 +237,22 @@ update-alternatives --remove shutdown %{_sbindir}/deviced-power-command || :
 
 %postun -n libdeviced -p /sbin/ldconfig
 
+%post tools
+chsmack -a 'System::Tools' %{_bindir}/device_board_set_boot_success
+chsmack -a 'System::Tools' %{_bindir}/device_board_clear_boot_mode
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_boot_mode
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_current_partition
+chsmack -a 'System::Tools' %{_bindir}/device_board_switch_partition
+chsmack -a 'System::Tools' %{_bindir}/device_board_set_partition_ab_cloned
+chsmack -a 'System::Tools' %{_bindir}/device_board_clear_partition_ab_cloned
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_partition_ab_cloned
+chsmack -a 'System::Tools' %{_bindir}/device_board_set_partition_status
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_partition_status
+chsmack -a 'System::Tools' %{_bindir}/device_board_set_upgrade_progress_status
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_upgrade_progress_status
+chsmack -a 'System::Tools' %{_bindir}/device_board_set_upgrade_state
+chsmack -a 'System::Tools' %{_bindir}/device_board_get_upgrade_state
+
 %post plugin-profile-mobile
 mv %{_sysconfdir}/deviced/display-profile-mobile.conf %{_sysconfdir}/deviced/display.conf
 mv %{_sysconfdir}/deviced/power-profile-mobile.conf %{_sysconfdir}/deviced/power.conf