From 307066d08b855cd73a3d4500a4702519cc96b27b Mon Sep 17 00:00:00 2001 From: Yunjin Lee Date: Thu, 8 Dec 2016 17:25:58 +0900 Subject: [PATCH] Change policy db directory and fix typo - Change policy db directory to TZ_SYS_DB and modify its security configuration for DPM - Fix typo in profile definition Change-Id: Ib6feae1a74bd4ff5f172caa0bf669f6053b25a05 Signed-off-by: Yunjin Lee --- capi/CMakeLists.txt | 8 +++++--- capi/res/dbspace/CMakeLists.txt | 3 ++- packaging/privilege-checker.spec | 20 +++++++++++++++----- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/capi/CMakeLists.txt b/capi/CMakeLists.txt index 13b99a2..dcfaeed 100644 --- a/capi/CMakeLists.txt +++ b/capi/CMakeLists.txt @@ -27,6 +27,8 @@ IF("${ARCH}" STREQUAL "arm") ADD_DEFINITIONS("-DTARGET") ENDIF("${ARCH}" STREQUAL "arm") +MESSAGE("TZ_SYS_DB= ${TZ_SYS_DB}") + ADD_DEFINITIONS("-DPREFIX=\"${CMAKE_INSTALL_PREFIX}\"") ADD_DEFINITIONS("-DSLP_DEBUG") MESSAGE("PROFILE_TYPE = ${PROFILE_TYPE}") @@ -39,9 +41,9 @@ ELSEIF("${PROFILE_TYPE}" STREQUAL "TV") ENDIF() MESSAGE("PROFILE = ${PROFILE}") -IF("${PROFILE}" STREQUAL "WEARABLE") +IF("${PROFILE}" STREQUAL "wearable") ADD_DEFINITIONS("-DENABLE_ASKUSER") -ELSEIF("${PROFILE}" STREQUAL "MOBILE") +ELSEIF("${PROFILE}" STREQUAL "mobile") ADD_DEFINITIONS("-DENABLE_ASKUSER") ELSE() ADD_DEFINITIONS("-DDISABLE_ASKUSER") @@ -114,7 +116,7 @@ ADD_DEFINITIONS(-DPRIVILEGE_INFO_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privile ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_info.db") ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_mapping.db") ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_mapping.db") -ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${PRIVILEGE_DB_DIR}/.policy.db") +ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${TZ_SYS_DB}/.policy.db") SET(ROOT_DIR ${CMAKE_SOURCE_DIR}/cmake_build_tmp/output) SET(LOCALE_ROOT_PATH "${ROOT_DIR}/target/generic/root/usr/share/locale") diff --git a/capi/res/dbspace/CMakeLists.txt b/capi/res/dbspace/CMakeLists.txt index 0fa378e..0f8d29a 100644 --- a/capi/res/dbspace/CMakeLists.txt +++ b/capi/res/dbspace/CMakeLists.txt @@ -26,5 +26,6 @@ ENDIF() ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB}) -INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} ${POLICY_DB}-journal DESTINATION ${DATADIR}/privilege-manager/) +INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} DESTINATION ${DATADIR}/privilege-manager/) +INSTALL(FILES ${POLICY_DB} ${POLICY_DB}-journal DESTINATION ${TZ_SYS_DB}/) diff --git a/packaging/privilege-checker.spec b/packaging/privilege-checker.spec index 5080e64..2d30039 100644 --- a/packaging/privilege-checker.spec +++ b/packaging/privilege-checker.spec @@ -33,6 +33,7 @@ BuildRequires: gettext-tools BuildRequires: pkgconfig(pkgmgr-info) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(sqlite3) +BuildRequires: pkgconfig(libtzplatform-config) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig @@ -96,7 +97,8 @@ echo cmake . -DPREFIX=%{_prefix} \ -DDPL_LOG="ON" \ -DDATADIR=%{_datadir} \ -DPROFILE_TYPE="${__PROFILE_TYPE}" \ - -DPROFILE=%{?profile} + -DPROFILE=%{?profile} \ + -DTZ_SYS_DB=%TZ_SYS_DB cmake . -DPREFIX=%{_prefix} \ -DEXEC_PREFIX=%{_exec_prefix} \ @@ -107,7 +109,8 @@ cmake . -DPREFIX=%{_prefix} \ -DDPL_LOG="ON" \ -DDATADIR=%{_datadir} \ -DPROFILE_TYPE="${__PROFILE_TYPE}" \ - -DPROFILE=%{?profile} + -DPROFILE=%{?profile} \ + -DTZ_SYS_DB=%TZ_SYS_DB make %{?jobs:-j%jobs} @@ -117,11 +120,18 @@ mkdir -p %{buildroot}%{_datadir}/license cp LICENSE.APLv2 %{buildroot}%{_datadir}/license/privilege-checker %if "%{?build_type}" != "NO_DB" mkdir -p %{buildroot}%{_datadir}/privilege-manager +mkdir -p %{buildroot}/%{TZ_SYS_DB} %endif %make_install %find_lang privilege -%post -n security-privilege-manager -p /sbin/ldconfig +%post -n security-privilege-manager +/sbin/ldconfig +%if "%{?build_type}" != "NO_DB" +chsmack -a System %{TZ_SYS_DB}/.policy.db +chsmack -a System %{TZ_SYS_DB}/.policy.db-journal +%endif + %postun -n security-privilege-manager -p /sbin/ldconfig %files -n privilege-checker @@ -135,8 +145,8 @@ mkdir -p %{buildroot}%{_datadir}/privilege-manager %{_datadir}/privilege-manager/.core_privilege_mapping.db %{_datadir}/privilege-manager/.wrt_privilege_info.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db -%config(noreplace) %{_datadir}/privilege-manager/.policy.db -%config(noreplace) %{_datadir}/privilege-manager/.policy.db-journal +%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db +%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db-journal %endif %manifest packaging/security-privilege-manager.manifest -- 2.7.4