projects / platform / core / security / security-config.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5c669c5)
Install smack_default_labeling 59/78559/1
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Wed, 6 Jul 2016 05:37:35 +0000 (14:37 +0900)
committerjin-gyu.kim <jin-gyu.kim@samsung.com>
Wed, 6 Jul 2016 05:38:33 +0000 (14:38 +0900)
- It sets smack label for the specific folder.
- It is executed by security-config.service

Change-Id: Ica179a7282bd18978ba22f8ad477a664106ceb84

CMakeLists.txt patch | blob | history
packaging/security-config.spec patch | blob | history
smack/smack_default_labeling [new file with mode: 0644] patch | blob
systemd/security-config.service patch | blob | history

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 024af487a4dc677f0f3e49ea97d53ba12518564c..fcd7f2af0e758192f93df28e5217fe199ecce64c 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,6 +14,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/set_capability DESTINATION /usr/share/s
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/lib/tmpfiles.d/)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
 
 INSTALL(FILES
     ${CMAKE_SOURCE_DIR}/packaging/security-config.manifest
diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index f4d7ca2eaca6396f5f0badb58ee5df03bc9b7508..7e524c6d9345a7e33ba0954ff346b120cfdbd694 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -61,3 +61,4 @@ mkdir -p /usr/share/security-config/log
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
 %attr(-,root,root) %{_unitdir}/security-config.service
 %attr(-,root,root) %{_unitdir}/multi-user.target.wants/security-config.service
+%attr(755,root,root) /usr/share/security-config/smack_default_labeling
diff --git a/smack/smack_default_labeling b/smack/smack_default_labeling
new file mode 100644 (file)
index 0000000..a529390
--- /dev/null
+++ b/smack/smack_default_labeling
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# check initial boot
+function check_init_boot
+{
+       if [ ! -e /usr/share/security-config/.smack_pre_labeling ]
+       then
+               touch /usr/share/security-config/.smack_pre_labeling
+               return 1
+       fi
+       return 0
+}
+
+# Set default smack label for the specific file or folder
+function set_smack_label
+{
+       chsmack -r -a "_" /csa
+}
+
+check_init_boot
+
+if [ "$?" == 1 ] # Init boot case
+then
+       set_smack_label
+fi
diff --git a/systemd/security-config.service b/systemd/security-config.service
index e13d562e4437d96ce74d3f2216d66193e1f6cb3e..ed8c8b9e34f60fdde4bd30c8b72e996566a423fb 100644 (file)
--- a/systemd/security-config.service
+++ b/systemd/security-config.service
@@ -3,7 +3,7 @@ Description=security-config service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/chsmack -r -a "_" /csa
+ExecStart=/usr/share/security-config/smack_default_labeling
 
 [Install]
 WantedBy=multi-user.target
Domain: Security / Access Control;