From: Segwon Date: Mon, 18 Dec 2017 07:58:17 +0000 (+0900) Subject: udev: change security label X-Git-Tag: submit/tizen_4.0/20171220.125806^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bf7f77b51d51492724c87d69aa1f26679d72cba0;p=platform%2Fcore%2Fsystem%2Fperipheral-bus.git udev: change security label - when receiving fd to lib from daemon, the kernel blocks fd by security check. - change 90-gpio.rules name to 90-peripheral-io.rules Change-Id: I5c75056e4d54fb667e6acdc7398f5f35ae9a3ff3 Signed-off-by: Segwon --- diff --git a/packaging/90-gpio.rules b/packaging/90-gpio.rules deleted file mode 100644 index a1dcd59..0000000 --- a/packaging/90-gpio.rules +++ /dev/null @@ -1,12 +0,0 @@ -SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ - RUN+="/bin/chown root:system_fw /sys%p/value",\ - RUN+="/bin/chmod g+rw /sys%p/value",\ - RUN+="/bin/chsmack -a System /sys%p/value" -SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ - RUN+="/bin/chown root:system_fw /sys%p/direction",\ - RUN+="/bin/chmod g+rw /sys%p/direction",\ - RUN+="/bin/chsmack -a System /sys%p/direction" -SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ - RUN+="/bin/chown root:system_fw /sys%p/edge",\ - RUN+="/bin/chmod g+rw /sys%p/edge",\ - RUN+="/bin/chsmack -a System /sys%p/edge" diff --git a/packaging/90-peripheral-io.rules b/packaging/90-peripheral-io.rules new file mode 100644 index 0000000..ca910bd --- /dev/null +++ b/packaging/90-peripheral-io.rules @@ -0,0 +1,18 @@ +SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ + RUN+="/bin/chown root:root /sys%p/value",\ + RUN+="/bin/chmod 0660 /sys%p/value",\ + RUN+="/bin/chsmack -a * /sys%p/value" +SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ + RUN+="/bin/chown root:root /sys%p/direction",\ + RUN+="/bin/chmod 0660 /sys%p/direction",\ + RUN+="/bin/chsmack -a * /sys%p/direction" +SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",\ + RUN+="/bin/chown root:root /sys%p/edge",\ + RUN+="/bin/chmod 0660 /sys%p/edge",\ + RUN+="/bin/chsmack -a * /sys%p/edge" + +SUBSYSTEM=="i2c-dev", KERNEL=="i2c-*", ACTION=="add", \ + MODE="0660", OWNER="root", GROUP="root", SECLABEL{smack}="*" + +SUBSYSTEM=="spidev", KERNEL=="spidev*.*", ACTION=="add", \ + MODE="0660", OWNER="root", GROUP="root", SECLABEL{smack}="*" diff --git a/packaging/peripheral-bus.spec b/packaging/peripheral-bus.spec index 0582b69..214424a 100644 --- a/packaging/peripheral-bus.spec +++ b/packaging/peripheral-bus.spec @@ -8,7 +8,7 @@ Source0: %{name}-%{version}.tar.gz Source1: %{name}.manifest Source2: %{name}.service Source3: %{name}.tmpfiles.conf -Source4: 90-gpio.rules +Source4: 90-peripheral-io.rules BuildRequires: cmake BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gio-2.0) @@ -58,6 +58,6 @@ cp %{_builddir}/%{name}-%{version}/data/*.ini %{buildroot}/etc/%{name} %{_bindir}/%{name} %{_unitdir}/%{name}.service %{_tmpfilesdir}/%{name}.conf -/usr/lib/udev/rules.d/90-gpio.rules +/usr/lib/udev/rules.d/90-peripheral-io.rules %{_unitdir}/multi-user.target.wants/%{name}.service /etc/peripheral-bus/*.ini diff --git a/src/gdbus/peripheral_gdbus_gpio.c b/src/gdbus/peripheral_gdbus_gpio.c index 20ca715..6c0fe49 100644 --- a/src/gdbus/peripheral_gdbus_gpio.c +++ b/src/gdbus/peripheral_gdbus_gpio.c @@ -65,23 +65,24 @@ gboolean peripheral_gdbus_gpio_open( goto out; } - ret = peripheral_interface_gpio_export(pin); + ret = peripheral_handle_gpio_create(pin, &gpio_handle, user_data); if (ret != PERIPHERAL_ERROR_NONE) { - _E("Failed to export gpio"); + _E("Failed to create gpio handle"); goto out; } - ret = peripheral_interface_gpio_fd_list_create(pin, &gpio_fd_list); + ret = peripheral_interface_gpio_export(pin); if (ret != PERIPHERAL_ERROR_NONE) { - _E("Failed to create gpio fd list"); - peripheral_interface_gpio_unexport(pin); + _E("Failed to export gpio"); + peripheral_handle_gpio_destroy(gpio_handle); goto out; } - ret = peripheral_handle_gpio_create(pin, &gpio_handle, user_data); + ret = peripheral_interface_gpio_fd_list_create(pin, &gpio_fd_list); if (ret != PERIPHERAL_ERROR_NONE) { - _E("Failed to create gpio handle"); + _E("Failed to create gpio fd list"); peripheral_interface_gpio_unexport(pin); + peripheral_handle_gpio_destroy(gpio_handle); goto out; } diff --git a/src/interface/peripheral_interface_pwm.c b/src/interface/peripheral_interface_pwm.c index d43f4a6..c7c5c95 100644 --- a/src/interface/peripheral_interface_pwm.c +++ b/src/interface/peripheral_interface_pwm.c @@ -14,6 +14,7 @@ * limitations under the License. */ +#include #include "peripheral_interface_pwm.h" #include "peripheral_interface_common.h" @@ -39,6 +40,34 @@ int peripheral_interface_pwm_export(int chip, int pin) ret = close(fd); IF_ERROR_RETURN(ret != 0); + snprintf(buf, MAX_BUF_LEN, "chsmack -a \"*\" /sys/class/pwm/pwmchip%d/pwm%d/period", chip, pin); + ret = system(buf); + if (ret != 0) { + _E("Failed to change period security label to read/write."); + return PERIPHERAL_ERROR_IO_ERROR; + } + + snprintf(buf, MAX_BUF_LEN, "chsmack -a \"*\" /sys/class/pwm/pwmchip%d/pwm%d/duty_cycle", chip, pin); + ret = system(buf); + if (ret != 0) { + _E("Failed to change duty_cycle security label to read/write."); + return PERIPHERAL_ERROR_IO_ERROR; + } + + snprintf(buf, MAX_BUF_LEN, "chsmack -a \"*\" /sys/class/pwm/pwmchip%d/pwm%d/polarity", chip, pin); + ret = system(buf); + if (ret != 0) { + _E("Failed to change polarity security label to read/write."); + return PERIPHERAL_ERROR_IO_ERROR; + } + + snprintf(buf, MAX_BUF_LEN, "chsmack -a \"*\" /sys/class/pwm/pwmchip%d/pwm%d/enable", chip, pin); + ret = system(buf); + if (ret != 0) { + _E("Failed to change enable security label to read/write."); + return PERIPHERAL_ERROR_IO_ERROR; + } + return PERIPHERAL_ERROR_NONE; } @@ -53,8 +82,6 @@ int peripheral_interface_pwm_unexport(int chip, int pin) char path[MAX_BUF_LEN] = {0}; char buf[MAX_BUF_LEN] = {0}; - _D("chip : %d, pin : %d", chip, pin); - snprintf(path, MAX_BUF_LEN, "/sys/class/pwm/pwmchip%d/unexport", chip); fd = open(path, O_WRONLY); IF_ERROR_RETURN(fd < 0);