From: jin-gyu.kim
Date: Tue, 9 Jan 2018 10:41:20 +0000 (+0900)
Subject: Enable run-time permission only for specific profiles.
X-Git-Tag: submit/tizen/20180117.202200~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7997fae527e8e225d69715fd5529bc72e301b85d;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Enable run-time permission only for specific profiles.
- Run-time permission is not required for all profiles.
- Set the flag file which can distinguish it.
Change-Id: I70397952cc2c25fb7d127391c2ff3d88e9ee94d4
---
diff --git a/config/90_user-content-permissions.post b/config/90_user-content-permissions.post
index 181d38e..a9dc4b1 100644
--- a/config/90_user-content-permissions.post
+++ b/config/90_user-content-permissions.post
@@ -4,5 +4,12 @@ PATH=/bin:/usr/bin:/sbin:/usr/sbin
 NEW_USER=$1
 export `tzplatform-get --user $NEW_USER TZ_USER_CONTENT`
-find $TZ_USER_CONTENT -type d -exec chown root:priv_mediastorage {} + -exec chmod 2770 {} +
+
+if [ -e /opt/share/askuser_disable ]
+then
+ find $TZ_USER_CONTENT -type d -exec chown root:priv_mediastorage {} + -exec chmod 2770 {} +
+else
+ find $TZ_USER_CONTENT -type d -exec chown root:priv_mediastorage {} + -exec chmod 2777 {} +
+fi
+
 find $TZ_USER_CONTENT -type l -exec chown -h root:priv_mediastorage {} + -exec chsmack -a '_' {} +
diff --git a/config/set_capability b/config/set_capability
index ab2232a..482da1a 100755
--- a/config/set_capability
+++ b/config/set_capability
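Review bot: In config/90_user-content-permissions.post the new `else` branch sets every directory under `$TZ_USER_CONTENT` to mode `2777`, and it is the branch taken whenever `/opt/share/askuser_disable` is absent, so a missing or removed flag file leaves the tree world-writable as far as DAC is concerned (and without the sticky bit, entries are not protected from removal by other accounts). If that is intended because another layer gates access on profiles that use run-time permission, the script should say so next to the `chmod`, for example `# askuser enabled: DAC opened on purpose, access is enforced by <mechanism>`; if not, the strict mode should be the default and the relaxed mode the opt-in. The two added `find` lines differ only in the mode and leave the path unquoted, so `mode=2777; [ -e /opt/share/askuser_disable ] && mode=2770` followed by one `find "$TZ_USER_CONTENT" -type d ... -exec chmod "$mode" {} +` would remove the duplication.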
@@ -627,7 +627,7 @@ fi
 # This is not related with the capability, but place here to run in generic-security.post
 # It would be better to run this separately in generic-security.post future.
-if [ -e /usr/share/security-config/update_privacy_mount_list.sh ] && [ -e /usr/share/security-manager/policy/privilege-mount.list ]
+if [ -e /usr/share/security-config/update_privacy_mount_list.sh ] && [ -e /usr/share/security-manager/policy/privilege-mount.list ] && [ ! -e /opt/share/askuser_disable ]
 then
 /usr/share/security-config/update_privacy_mount_list.sh
 fi
diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index 9a6099e..0f0b1be 100755
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -55,6 +55,8 @@ ln -s ../%{name}.service %{buildroot}/%{_unitdir}/multi-user.target.wants/%{name
 /usr/share/security-config/set_label
 mkdir -p /opt/share/security-config/result
 mkdir -p /opt/share/security-config/log
+touch /opt/share/askuser_disable
+chmod 600 /opt/share/askuser_disable
 %post profile_mobile
 mv /opt/share/security-config/test/root_test/mobile/* /opt/share/security-config/test/root_test/
@@ -65,6 +67,7 @@ rm -r /opt/share/security-config/test/root_test/wearable/
 rm -r /opt/share/security-config/test/capability_test/mobile/
 rm -r /opt/share/security-config/test/capability_test/wearable/
 rm -r /opt/share/security-config/test/new_service_test/list/
+rm -f /opt/share/askuser_disable
 %postun profile_mobile
 rm /opt/share/security-config/test/root_test/*
@@ -80,6 +83,7 @@ rm -r /opt/share/security-config/test/root_test/wearable/
 rm -r /opt/share/security-config/test/capability_test/mobile/
 rm -r /opt/share/security-config/test/capability_test/wearable/
 rm -r /opt/share/security-config/test/new_service_test/list/
+rm -f /opt/share/askuser_disable
 %postun profile_wearable
 rm /opt/share/security-config/test/root_test/*
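Review bot: In config/set_capability the added `[ ! -e /opt/share/askuser_disable ]` test reads the same flag as 90_user-content-permissions.post, but the two scripts run at different times, so if the flag changes in between the system can end up with directories set to `2777` while the privacy mount list was never updated. Nothing in the hunk shows what guarantees the flag is in its final state before this block runs, so that assumption should be confirmed. The comment above the `if` should also state the new condition, for example `# Skipped when /opt/share/askuser_disable exists (run-time permission not used on this profile).` The literal path is now repeated in this script, the .post script and the spec file; defining it once per script in a variable would keep the checks from drifting apart.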
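Review bot: In packaging/security-config.spec the flag is created unconditionally in the main `%post` (`touch` then `chmod 600`) and removed in `%post profile_mobile` and `%post profile_wearable`, so its final state depends on the order in which rpm runs those scriptlets. If the main `%post` runs after a profile scriptlet, for instance when only the main package is reinstalled or upgraded, the flag comes back and the profile silently switches to the "disabled" behaviour; the visible hunks do not show a dependency that fixes the order, so this should be verified. Nothing in the visible hunks adds the file to `%files` (for example as `%ghost`) or removes it on uninstall, and a comment above the `touch` such as `# Flag file: present = run-time permission (askuser) disabled; removed by the profile_mobile/profile_wearable %post` would document what it means. The same ordering concern applies to the `rm -f` lines added in the two later hunks of this file.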