Fix upgrade script 45/151945/6
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Fri, 22 Sep 2017 10:57:43 +0000 (19:57 +0900)
committerJin-gyu Kim <jin-gyu.kim@samsung.com>
Wed, 11 Oct 2017 01:10:49 +0000 (01:10 +0000)
- pkgmgr will update app information only if version is changed.
- Therefore, migrate the previous security and cynara database.

Change-Id: Ibb7641439855a71dbc93e3ff61c062f5051bb079

CMakeLists.txt
packaging/security-config.spec
upgrade/201.security_upgrade.sh
upgrade/710.security_restore_policy.sh [deleted file]

index 744bfba63db49abff1a170ee6c0403107d59673e..feb5a34d187571fecd55d51ba9bceb1c4d4ee670 100755 (executable)
@@ -16,8 +16,6 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/l
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
-INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/710.security_restore_policy.sh DESTINATION /usr/share/upgrade/scripts)
-
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
 
index c5420225a9e67bcab3c27961cf80dfeff00dae47..ebbe9b7404b31bf747010721b39e5662cdac08d1 100755 (executable)
@@ -103,7 +103,6 @@ rm /opt/share/security-config/test/capability_test/*
 %attr(755,root,root) /opt/share/security-config/test/smack_basic_test/*
 %attr(755,root,root) /opt/share/security-config/test/security_mount_option_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
-%attr(755,root,root) /usr/share/upgrade/scripts/710.security_restore_policy.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
 
index 744ce0ab68117b833313c201ac4d015b67d3afca..709bcf54838105b343d1c98681650e3013e749cd 100644 (file)
@@ -2,54 +2,33 @@
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
 
-CYNARA_DIR=/opt/var/cynara
-SECURITY_MANAGER_DIR=/opt/var/security-manager
+# Migration of cynara DB
+CYNARA_VERSION=$(rpm -qf /usr/bin/cynara  | cut -d "-" -f2)
+cynara-db-migration upgrade -f 0.0.0 -t $CYNARA_VERSION
 
-# backup cynara default and admin buckets
-CYNARA_DEFAULT_DB_BACKUP=/opt/data/CYNARA_DEFAULT_DB_BACKUP
-cyad --list-policies="" --all | grep "User::Pkg::" > $CYNARA_DEFAULT_DB_BACKUP
-CYNARA_ADMIN_DB_BACKUP=/opt/data/CYNARA_ADMIN_DB_BACKUP
-cyad --list-policies=ADMIN --all | grep "User::Pkg::" > $CYNARA_ADMIN_DB_BACKUP
-
-# make Cynara and Security-manager directories/files in rw partition
-rm -r $SECURITY_MANAGER_DIR
-mkdir $SECURITY_MANAGER_DIR
-mkdir $SECURITY_MANAGER_DIR/owner
-mkdir $SECURITY_MANAGER_DIR/rules
-mkdir $SECURITY_MANAGER_DIR/rules-merged
-touch $SECURITY_MANAGER_DIR/apps-labels
-touch $SECURITY_MANAGER_DIR/owner/apps-labels
-touch $SECURITY_MANAGER_DIR/rules-merged/rules.merged
-chmod 711 $SECURITY_MANAGER_DIR
-chmod 711 $SECURITY_MANAGER_DIR/owner
-chmod 700 $SECURITY_MANAGER_DIR/rules
-chmod 700 $SECURITY_MANAGER_DIR/rules-merged
-chmod 444 $SECURITY_MANAGER_DIR/apps-labels
-chmod 444 $SECURITY_MANAGER_DIR/owner/apps-labels
-chmod 644 $SECURITY_MANAGER_DIR/rules-merged/rules.merged
+# Migration of security-manager DB
+/usr/share/security-manager/db/update.sh
 
-# init Cynara and Security-manager database
-# security-manager DB
-SECURITY_MANAGER_DB=/opt/dbspace/.security-manager.db
-SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
-rm $SECURITY_MANAGER_DB
-rm $SECURITY_MANAGER_DB_JOURNAL
-touch $SECURITY_MANAGER_DB
-touch $SECURITY_MANAGER_DB_JOURNAL
+# List ask-type cynara rule
+ASKTYPE_CYNARA_RULE_TEMP="/opt/data/asktype_cynara_rule"
+cyad --list-policies="" --all | grep ";10;" > $ASKTYPE_CYNARA_RULE_TEMP # TODO : Need to check how to fileter ask type rule except of ";10;"
 
-chmod 600 $SECURITY_MANAGER_DB
-chmod 600 $SECURITY_MANAGER_DB_JOURNAL
-chown root:root $SECURITY_MANAGER_DB
-chown root:root $SECURITY_MANAGER_DB_JOURNAL
-chsmack -a System $SECURITY_MANAGER_DB
-chsmack -a System $SECURITY_MANAGER_DB_JOURNAL
+# Delete ask-type cynara rule (api version <= 3.0 would not have ask-type rule in Tizen-4.0 image)
+while read ask_rule_line
+do
+       CLIENT=$(echo "$ask_rule_line" | cut -d ";" -f2)
+       USER=$(echo "$ask_rule_line" | cut -d ";" -f3)
+       PRIVILEGE=$(echo "$ask_rule_line" | cut -d ";" -f4)
+       cyad --erase="" --recursive="no" --client="$CLIENT" --user="$USER" --privilege="$PRIVILEGE"
+done < $ASKTYPE_CYNARA_RULE_TEMP
 
-/usr/share/security-manager/db/update.sh
+rm -f $ASKTYPE_CYNARA_RULE_TEMP
 
-# cynara DB
-rm /var/cynara/db/*
-/usr/sbin/cynara-db-migration install -t 0.14.10
-/usr/bin/security-manager-policy-reload
+# start cynara & security-manager
+systemctl start cynara
+security-manager-policy-reload
+/usr/share/security-manager/policy/update.sh
+systemctl start security-manager
 
 # Create privacy database
 PRIVILEGE_CHECKER_PRIVACY_DB=/opt/dbspace/.privacy.db
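Review bot: The ask-type rule list is written by root to the fixed path `/opt/data/asktype_cynara_rule` and then read back to drive `cyad --erase`, so anything able to pre-create or alter that file would influence which policies are erased (whether /opt/data is writable by non-root is not visible here). Piping the `cyad --list-policies` output straight into the loop removes the temp file and the `rm -f`, and `IFS=';' read -r` replaces the three `cut` calls without mangling backslashes. The `grep ";10;"` filter also matches any middle field that is exactly `10`, not only the policy type, which the existing TODO already hints at. Separately, `$CYNARA_VERSION` is unquoted and unchecked on the `cynara-db-migration` line, so a failed `rpm -qf` leaves `-t` without a value; a guard such as `[ -n "$CYNARA_VERSION" ] || exit 1` before it would stop the migration early.

```shell
# … unchanged: cynara and security-manager DB migration …

# Delete ask-type cynara rules without an intermediate file
cyad --list-policies="" --all | grep ";10;" |
while IFS=';' read -r _bucket CLIENT USER PRIVILEGE _rest
do
       cyad --erase="" --recursive="no" --client="$CLIENT" --user="$USER" --privilege="$PRIVILEGE"
done

# … unchanged: start cynara & security-manager …
```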
@@ -65,11 +44,3 @@ chown root:app_fw $PRIVILEGE_CHECKER_PRIVACY_DB
 chown root:app_fw $PRIVILEGE_CHECHER_PRIVACY_DB_JOURNAL
 chsmack -a System::Shared $PRIVILEGE_CHECKER_PRIVACY_DB
 chsmack -a System::Shared $PRIVILEGE_CHECHER_PRIVACY_DB_JOURNAL
-
-# init Privilege-checker dpm/mdm policy database (it could be not necessary, but remains for the safe.)
-/usr/share/privilege-manager/policy_db_updater.sh
-
-# start security-manager
-systemctl start cynara
-systemctl start security-manager
-
diff --git a/upgrade/710.security_restore_policy.sh b/upgrade/710.security_restore_policy.sh
deleted file mode 100644 (file)
index e7b29db..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-CYNARA_DEFAULT_DB_BACKUP=/opt/data/CYNARA_DEFAULT_DB_BACKUP
-CYNARA_ADMIN_DB_BACKUP=/opt/data/CYNARA_ADMIN_DB_BACKUP
-
-# restore cynara default and admin buckets
-
-if [ "cat $CYNARA_DEFAULT_DB_BACKUP" != "" ]
-then
-       cat $CYNARA_DEFAULT_DB_BACKUP | cyad --set-policy --bucket="" --bulk=-
-fi
-
-if [ "cat $CYNARA_ADMIN_DB_BACKUP" != "" ]
-then
-       cat $CYNARA_ADMIN_DB_BACKUP | cyad --set-policy --bucket=ADMIN --bulk=-
-fi
-
-rm $CYNARA_DEFAULT_DB_BACKUP
-rm $CYNARA_ADMIN_DB_BACKUP