From 3793b4f4d02b7e2284cd76d2498021ac9da9b81b Mon Sep 17 00:00:00 2001 From: Yunhee Seo Date: Tue, 4 Mar 2025 17:24:56 +0900 Subject: [PATCH] Add omitted file access control setting From hal-backend-device-rpi, there was no file access control configuration. Depends on device node read/write policy, dac/smack rule configs are added. hal-backend-device-rpi can support access control in the config rules. Change-Id: Ib23745510b7d0b37b05c01cab1e4271237a2bf3a Signed-off-by: Yunhee Seo --- CMakeLists.txt | 1 + conf/hal-backend-device-rpi.conf | 30 +++++++++++++++++++++++++++ packaging/hal-backend-device-rpi.spec | 2 ++ 3 files changed, 33 insertions(+) create mode 100644 conf/hal-backend-device-rpi.conf diff --git a/CMakeLists.txt b/CMakeLists.txt index 391daa1..f24c919 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,6 +19,7 @@ ENDIF() INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE.Apache-2.0 DESTINATION ${HAL_LICENSE_DIR}/${PROJECT_NAME}) +INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/conf/hal-backend-device-rpi.conf DESTINATION /hal/lib/tmpfiles.d) ADD_SUBDIRECTORY(hw/board) ADD_SUBDIRECTORY(hw/display) diff --git a/conf/hal-backend-device-rpi.conf b/conf/hal-backend-device-rpi.conf new file mode 100644 index 0000000..635cd13 --- /dev/null +++ b/conf/hal-backend-device-rpi.conf 
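Review bot: The added `INSTALL(FILES ...)` line in CMakeLists.txt hard-codes the destination `/hal/lib/tmpfiles.d`, while the line above it takes its directory from `${HAL_LICENSE_DIR}`. The same literal path is repeated in the spec file's `%post` command and in the new `%files` entry of the last hunk, whose neighbours use `%{_hal_libdir}`, so the three copies have to be kept in sync by hand. Consider passing the directory in as one CMake variable set from the spec, as `HAL_LICENSE_DIR` presumably is, and using the matching macro in `%post` and `%files`.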
@@ -0,0 +1,30 @@
+z /sys/class/backlight/10-0045/brightness 0664 root system_fw -
+t /sys/class/backlight/10-0045/brightness - - - - security.SMACK64="System::Shared"
+z /sys/class/backlight/10-0045/max_brightness 0664 root system_fw -
+t /sys/class/backlight/10-0045/max_brightness - - - - security.SMACK64="System::Shared"
+z /sys/devices/platform/rpi_ft5406/enable 0664 root system_fw -
+t /sys/devices/platform/rpi_ft5406/enable - - - - security.SMACK64="System::Shared"
+z /mnt/inform/partition-ab.info 0664 root system_fw -
+t /mnt/inform/partition-ab.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/partition-ab-cloned.info 0664 root system_fw -
+t /mnt/inform/partition-ab-cloned.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/upgrade-progress-status.info 0664 root system_fw -
+t /mnt/inform/upgrade-progress-status.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/partition-a-status.info 0664 root system_fw -
+t /mnt/inform/partition-a-status.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/partition-b-status.info 0664 root system_fw -
+t /mnt/inform/partition-b-status.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/reboot-param.bin 0664 root system_fw -
+t /mnt/inform/reboot-param.bin - - - - security.SMACK64="System::Shared"
+z /mnt/inform/upgrade-state.info 0664 root system_fw -
+t /mnt/inform/upgrade-state.info - - - - security.SMACK64="System::Shared"
+z /mnt/inform/upgrade-type.info 0664 root system_fw -
+t /mnt/inform/upgrade-type.info - - - - security.SMACK64="System::Shared"
+z /sys/firmware/devicetree/base/serial-number 0644 root system_fw -
+t /sys/firmware/devicetree/base/serial-number - - - - security.SMACK64="System::Shared"
+z /sys/kernel/debug/dri/0/gem_info 0644 root system_fw -
+t /sys/kernel/debug/dri/0/gem_info - - - - security.SMACK64="System::Shared"
+z /sys/kernel/debug/dri/1/gem_info 0644 root system_fw -
+t /sys/kernel/debug/dri/1/gem_info - - - - security.SMACK64="System::Shared"
+z /sys/class/thermal/thermal_zone0/temp 0644 root system_fw -
+t /sys/class/thermal/thermal_zone0/temp - - - - security.SMACK64="System::Shared"
\ No newline at end of file
diff --git a/packaging/hal-backend-device-rpi.spec b/packaging/hal-backend-device-rpi.spec
index 1e108d9..6072c4c 100644
--- a/packaging/hal-backend-device-rpi.spec
+++ b/packaging/hal-backend-device-rpi.spec
@@ -65,6 +65,7 @@ install -m 644 hw/upgrade/* %{buildroot}%{_hal_sysconfdir}/upgrade
 %post
 /sbin/ldconfig
+systemd-tmpfiles /hal/lib/tmpfiles.d/hal-backend-device-rpi.conf --create
 %postun
 /sbin/ldconfig
@@ -112,3 +113,4 @@ popd
 %{_hal_sysconfdir}/peripheral-io/rpi4/gpio.ini
 %{_hal_sysconfdir}/upgrade/*
 %{_hal_libdir}/libhal-backend-device-display.rpi4.so
+/hal/lib/tmpfiles.d/hal-backend-device-rpi.conf
-- 
2.34.1
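Review bot: In conf/hal-backend-device-rpi.conf the last four path groups (`serial-number`, both `dri/*/gem_info` debugfs nodes and `thermal_zone0/temp`) are set to `0644 root system_fw`, which leaves them readable by every user, so the `system_fw` group grants nothing there. If only members of that group should read the device serial number and the debugfs data, the lines should read e.g. `z /sys/kernel/debug/dri/0/gem_info 0640 root system_fw -`. The debugfs entries in particular deserve a `#` comment naming the consumer that needs them, since debugfs is normally restricted to root and what the `System::Shared` label then permits depends on Smack policy that is not visible in this patch. The `/mnt/inform/*` entries are group-writable at `0664`; judging by their names they hold upgrade and reboot state, so it is worth confirming that every member of `system_fw` is meant to write them.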
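Review bot: The `systemd-tmpfiles ... --create` call added to `%post` in the spec applies the rules once, at package install time, but modes and Smack xattrs set on `/sys` and `/sys/kernel/debug` entries do not survive a reboot. `/hal/lib/tmpfiles.d` is not one of the directories systemd-tmpfiles reads by default, so unless something outside this patch runs it against that directory on every boot, the sysfs and debugfs rules are gone after the first restart. Either install the file where boot-time tmpfiles setup picks it up, or add a comment above the command naming the unit that re-applies it. The exit status is also left to the scriptlet, and the command may run in image-build environments where these paths do not exist; decide explicitly whether a failure is tolerated, e.g. `systemd-tmpfiles /hal/lib/tmpfiles.d/hal-backend-device-rpi.conf --create || :`, or should be reported.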