From 262a474351cc283b2bdbaf521370bcf3e7d95fcf Mon Sep 17 00:00:00 2001 From: Rafal Krypa Date: Wed, 25 May 2016 09:47:09 +0200 Subject: [PATCH] Fix and generalize generation of default "apps-names" configuration files Per user "apps-names" files are used by recently merged functionality for app label monitor for the application launcher. The following fixes are provided: - Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config - Apply Smack labels in %post instead of %install to make the labels effective. RPM packages don't keep file xattrs, Smack labels must always be applied in package %post or in manifest. - Mark the files as config files to avoid overwrite of apps-names in TZ_SYS_RW_APP when security-manager is upgraded Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56 Signed-off-by: Rafal Krypa --- packaging/security-manager.spec | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec index ab7af8a..aef6987 100755 --- a/packaging/security-manager.spec +++ b/packaging/security-manager.spec @@ -20,6 +20,7 @@ BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-journal) BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: tizen-platform-config-tools BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(db-util) BuildRequires: pkgconfig(cynara-admin) @@ -60,6 +61,8 @@ Requires(post): tizen-platform-config-tools %description policy Set of security rules that constitute security policy in the system +%define TZ_SKEL_APP %(tzplatform-get TZ_USER_APP | cut -d= -f2 | sed "s|^$HOME|%{_sysconfdir}/skel|") + %prep %setup -q cp %{SOURCE1} . @@ -100,12 +103,9 @@ ln -s ../security-manager-rules-loader.service %{buildroot}/%{_unitdir}/basic.ta mkdir -p %{buildroot}/%{TZ_SYS_DB} touch %{buildroot}/%{TZ_SYS_DB}/.security-manager.db touch %{buildroot}/%{TZ_SYS_DB}/.security-manager.db-journal -mkdir -p %{buildroot}%{_sysconfdir}/skel/apps_rw -touch %{buildroot}%{_sysconfdir}/skel/apps_rw/apps-names -chsmack -a _ %{buildroot}%{_sysconfdir}/skel/apps_rw/apps-names -mkdir -p %{buildroot}%{TZ_SYS_RW_APP} -touch %{buildroot}%{TZ_SYS_RW_APP}/apps-names -chsmack -a _ %{buildroot}%{TZ_SYS_RW_APP}/apps-names + +install -m 0444 -D /dev/null %{buildroot}%{TZ_SKEL_APP}/apps-names +install -m 0444 -D /dev/null %{buildroot}%{TZ_SYS_RW_APP}/apps-names %clean rm -rf %{buildroot} @@ -125,9 +125,13 @@ if [ $1 = 2 ]; then systemctl restart security-manager.service %{_datadir}/security-manager/db/update.sh fi + chsmack -a System %{TZ_SYS_DB}/.security-manager.db chsmack -a System %{TZ_SYS_DB}/.security-manager.db-journal +chsmack -a _ %{TZ_SKEL_APP}/apps-names +chsmack -a _ %{TZ_SYS_RW_APP}/apps-names + %preun if [ $1 = 0 ]; then # unistall @@ -157,8 +161,8 @@ fi %attr(755,root,root) %{_bindir}/security-manager-cleanup %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/50_security-manager-add.post %attr(755,root,root) %{_sysconfdir}/gumd/userdel.d/50_security-manager-remove.pre -%attr(444,root,root) %{_sysconfdir}/skel/apps_rw/apps-names -%attr(444,root,root) %{TZ_SYS_RW_APP}/apps-names +%config(noreplace) %attr(444,root,root) %{TZ_SKEL_APP}/apps-names +%config(noreplace) %attr(444,root,root) %{TZ_SYS_RW_APP}/apps-names %dir %attr(700,root,root) %{TZ_SYS_VAR}/security-manager/rules %dir %attr(700,root,root) %{TZ_SYS_VAR}/security-manager/rules-merged -- 2.7.4