From: Krzysztof Jackiewicz Date: Thu, 28 Mar 2019 14:23:04 +0000 (+0100) Subject: Chown token file instead of changing oded gid X-Git-Tag: accepted/tizen/unified/20190404.021942^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F57%2F202457%2F1;p=platform%2Fcore%2Fsecurity%2Fode.git Chown token file instead of changing oded gid Ode-fota is executed as system_shared uid/gid. The token file needs proper access rights to be readable by ode-fota. Chown() the token file to root:system_shared instead of modifying oded gid. Change-Id: I83b12d3a95d4b23ed68f97d66d096befe0249c54 --- diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in index 02aca38..85e19c6 100644 --- a/server/systemd/ode.service.in +++ b/server/systemd/ode.service.in @@ -4,7 +4,6 @@ Before=deviced.service [Service] Type=simple -Group=system_share SmackProcessLabel=System::Privileged ExecStart=@BIN_DIR@/@PROJECT_NAME@d Restart=on-failure diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp index 1cb33d4..80f1e92 100644 --- a/server/upgrade-support.cpp +++ b/server/upgrade-support.cpp @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -28,6 +29,7 @@ #include #include +#include #include @@ -50,6 +52,13 @@ const std::string UPGRADE_FLAG_PATH = "/opt/etc/.ode_upgrade_started"; std::mutex opGuard; +gid_t getSystemShareGid() +{ + static runtime::Group systemShare("system_share"); + + return systemShare.getGid(); +} + // not thread-safe because of static member class KeyStoragePlugin { public: @@ -187,6 +196,7 @@ void writeToken(runtime::File &file, const BinaryData& token) size_t tokenSize(token.size()); file.create(S_IRUSR | S_IWUSR | S_IRGRP); + file.chown(getuid(), getSystemShareGid()); file.write(&tokenSize, sizeof(tokenSize)); file.write(token.data(), token.size());
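Review bot: getSystemShareGid() has no comment saying what happens when the group lookup fails, and the literal `"system_share"` differs from the `system_shared` spelling used in the commit description, so one of the two is probably a typo. The gid is resolved once through a function-local static and then reused for the life of the daemon. I would add a comment above the function along the lines of `// Resolves the system_share gid once and caches it; assumes runtime::Group throws if the group does not exist`, to be confirmed against runtime::Group, which is not visible in this diff. If the constructor does not throw and getGid() can return a sentinel value, the caller in writeToken() would pass that value straight to chown().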
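Review bot: In writeToken() the added `file.chown(getuid(), getSystemShareGid());` runs after `file.create(S_IRUSR | S_IWUSR | S_IRGRP)`, and whether that pair is race-free depends on runtime::File::chown, which is not shown here. If it calls chown() on the path rather than fchown() on the descriptor opened by create(), the ownership change is only guaranteed to hit the file just created when the token directory is writable by root alone; please confirm that or use a descriptor-based call. The line also relies on chown() reporting failure by exception, because nothing is checked before the two `file.write` calls. The ordering itself is right, since the token bytes are written only after the mode and group are in place. writeToken's body starts and ends outside the hunk.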