From: Konrad Lipinski <k.lipinski2@samsung.com>
Date: Mon, 17 Jan 2022 13:22:41 +0000 (+0100)
Subject: Security upgrade: always set dummy_file mode/label
X-Git-Tag: submit/tizen/20220119.054430^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=67162fda11a656c2568ffd75e24d379db1ea48a2;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Security upgrade: always set dummy_file mode/label

Prior to this commit, the script only changed the mode/label if the file
has not existed before. If the script ever managed to touch the file and
then got killed, the file's mode/label would never get properly adjusted
when running the script again.

Change-Id: I707870eea9abb63ccf10e8c54fb3ca984e92196a
---

diff --git a/upgrade/201.security_upgrade.sh b/upgrade/201.security_upgrade.sh
index 8aae085..7a7a2d9 100644
--- a/upgrade/201.security_upgrade.sh
+++ b/upgrade/201.security_upgrade.sh
@@ -29,9 +29,9 @@ sqlite3 /opt/dbspace/.policy.db "UPDATE prevent_list SET UID=$global_uid WHERE U
 if [ ! -e /opt/share/security-config/dummy_file ]
 then
 	touch /opt/share/security-config/dummy_file
-	chmod 600 /opt/share/security-config/dummy_file
-	chsmack -a "_" /opt/share/security-config/dummy_file
 fi
+chmod 600 /opt/share/security-config/dummy_file
+chsmack -a "_" /opt/share/security-config/dummy_file
 
 # start cynara & security-manager
 systemctl start security-manager-rules-loader