Put debugproxy in a systemd service

author Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>

Tue, 10 Jul 2018 09:50:11 +0000 (11:50 +0200)

committer Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>

Wed, 1 Aug 2018 10:02:52 +0000 (12:02 +0200)
author Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Tue, 10 Jul 2018 09:50:11 +0000 (11:50 +0200)
committer Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Wed, 1 Aug 2018 10:02:52 +0000 (12:02 +0200)
diff --git a/packaging/tef-simulator.spec b/packaging/tef-simulator.spec

index 7d301a6..08a9162 100644 (file)
--- a/packaging/tef-simulator.spec
+++ b/packaging/tef-simulator.spec
@@ -106,6 +106,10 @@ cp include/include/LICENSE LICENSE.BSD
  if [ $1 -gt 1 ] ; then
      systemctl stop tef-simulator.socket
      systemctl stop tef-simulator.service
+    if systemctl list-unit-files tef-simulator-debugproxy.service | grep tef-simulator ; then
+        systemctl stop tef-simulator-debugproxy.socket
+        systemctl stop tef-simulator-debugproxy.service
+    fi
  fi
  
  %post
@@ -127,6 +131,9 @@ if [ $1 -eq 0 ] ; then
      systemctl stop tef-simulator.socket
      systemctl stop tef-simulator.service
      systemctl disable tef-simulator.socket
+    systemctl stop tef-simulator-debugproxy.socket
+    systemctl stop tef-simulator-debugproxy.service
+    systemctl disable tef-simulator-debugproxy.socket
  fi
  
  %postun
@@ -149,6 +156,8 @@ fi
  %attr(770,root,security_fw) %{tastore_dir}
  %attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.service
  %attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.socket
+%attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator-debugproxy.service
+%attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator-debugproxy.socket
  %attr(755,security_fw,security_fw) %{lib_dir}/tef/simulator/libteec.so
  %attr(770,root,security_fw) %{talog_dir}
  %attr(770,root,security_fw) %{storage_dir}
diff --git a/simulatordaemon/debugproxy/README b/simulatordaemon/debugproxy/README

index 7e10580..bebf36a 100644 (file)
--- a/simulatordaemon/debugproxy/README
+++ b/simulatordaemon/debugproxy/README
@@ -26,7 +26,7 @@ Solution
  ==================
  - Make a new daemon - tef-simulator-debugproxy
  - Runs with `System` label, as `security_fw` user, exposes a
-  `/var/run/tef-simulator-debugproxy` socket
+  `/var/run/simdaemon-debugproxy` socket
  - The socket has a `security_fw` owner and group, `0660` permissions
  - When launching a TA in debug mode, tef-simulator opens the debugproxy socket
    and tells the debugproxy which port it should listen to
diff --git a/simulatordaemon/debugproxy/src/main.cpp b/simulatordaemon/debugproxy/src/main.cpp

index cb3f748..ab7c69f 100644 (file)
--- a/simulatordaemon/debugproxy/src/main.cpp
+++ b/simulatordaemon/debugproxy/src/main.cpp
@@ -1,3 +1,6 @@
+#include <unistd.h>
+
  int main() {
-       return 0;
+       while (true)
+               sleep(1);
  }
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt

index 57f288d..1120edb 100644 (file)
--- a/systemd/CMakeLists.txt
+++ b/systemd/CMakeLists.txt
@@ -19,10 +19,14 @@
  
  CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/systemd/tef-simulator.service.in
                 ${CMAKE_SOURCE_DIR}/systemd/tef-simulator.service @ONLY)
+CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/systemd/tef-simulator-debugproxy.service.in
+               ${CMAKE_SOURCE_DIR}/systemd/tef-simulator-debugproxy.service @ONLY)
  
  INSTALL(FILES
      ${CMAKE_SOURCE_DIR}/systemd/tef-simulator.service
      ${CMAKE_SOURCE_DIR}/systemd/tef-simulator.socket
+    ${CMAKE_SOURCE_DIR}/systemd/tef-simulator-debugproxy.service
+    ${CMAKE_SOURCE_DIR}/systemd/tef-simulator-debugproxy.socket
      DESTINATION
      ${SYSTEMD_UNIT_DIR}
  )
diff --git a/systemd/tef-simulator-debugproxy.service.in b/systemd/tef-simulator-debugproxy.service.in

new file mode 100644 (file)

index 0000000..a16917d
--- /dev/null
+++ b/systemd/tef-simulator-debugproxy.service.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=TEF Simulator Daemon debug proxy
+Requires=tef-simulator-debugproxy.socket
+DefaultDependencies=no
+
+[Service]
+User=security_fw
+Group=security_fw
+CapabilityBoundingSet=
+SmackProcessLabel=System
+ExecStart=@SYSTEMD_CFG_BIN_DIR@/tef-simulator-debugproxy
+RuntimeDirectory=@SERVICE_NAME@
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/tef-simulator-debugproxy.socket b/systemd/tef-simulator-debugproxy.socket

new file mode 100644 (file)

index 0000000..42f1a4b
--- /dev/null
+++ b/systemd/tef-simulator-debugproxy.socket
@@ -0,0 +1,10 @@
+[Socket]
+ListenStream=/var/run/simdaemon-debugproxy
+SocketMode=0660
+SocketGroup=security_fw
+SocketUser=sdk
+SmackLabelIPIn=System::TEF
+SmackLabelIPOut=@
+
+[Install]
+WantedBy=sockets.target
diff --git a/systemd/tef-simulator.service.in b/systemd/tef-simulator.service.in

index 47f33af..6078ce7 100644 (file)
--- a/systemd/tef-simulator.service.in
+++ b/systemd/tef-simulator.service.in
@@ -1,6 +1,7 @@
  [Unit]
  Description=TEF Simulator Daemon
  DefaultDependencies=no
+Requires=tef-simulator-debugproxy.socket
  
  [Service]
  User=security_fw
author	Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
	Tue, 10 Jul 2018 09:50:11 +0000 (11:50 +0200)
committer	Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
	Wed, 1 Aug 2018 10:02:52 +0000 (12:02 +0200)
packaging/tef-simulator.spec		patch \| blob \| history
simulatordaemon/debugproxy/README		patch \| blob \| history
simulatordaemon/debugproxy/src/main.cpp		patch \| blob \| history
systemd/CMakeLists.txt		patch \| blob \| history
systemd/tef-simulator-debugproxy.service.in	[new file with mode: 0644]	patch \| blob
systemd/tef-simulator-debugproxy.socket	[new file with mode: 0644]	patch \| blob
systemd/tef-simulator.service.in		patch \| blob \| history