Modification about smack label of db file belong to process.

[Problem]
Most db files have 'floor' label.  Because these are created when binary is built.
No process can write db (since 'floor' label allows only read and execute)

[Solution]
Modify smack label based on below condition and three domain model
Condition1. Assign domain of process creates db files
Condition2. Assign domain of process uses db files.

Change-Id: Ie9febb019833c04b4f634cb2751dec3a6bc31bdb
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>

diff --git a/packaging/privacy-manager-server.manifest b/packaging/privacy-manager-server.manifest
index c00c25b..1672cef 100644 (file)
--- a/packaging/privacy-manager-server.manifest
+++ b/packaging/privacy-manager-server.manifest
@@ -2,4 +2,7 @@
         <request>
                 <domain name="_" />
         </request>
+       <assign>
+               <filesystem path="/opt/dbspace/.privacylist.db*" label="User" />
+       </assign>
 </manifest>

diff --git a/packaging/privacy-manager.spec b/packaging/privacy-manager.spec
index f963fbd..99057f6 100644 (file)
--- a/packaging/privacy-manager.spec
+++ b/packaging/privacy-manager.spec
@@ -114,6 +114,7 @@ then
        echo "Create privacy DB"
        %{_bindir}/privacy_manager_create_clean_db.sh
 fi
+chsmack -a 'User' %{TZ_SYS_DB}/.privacy.db*
 
 %postun -p /sbin/ldconfig