Grant all privileges to programs with "User" and "System" Smack labels

[platform/core/security/security-manager.git] / policy / security-manager-policy-reload

diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
index 807daf3..d15cec5 100755 (executable)
--- a/policy/security-manager-policy-reload
+++ b/policy/security-manager-policy-reload
@@ -5,7 +5,7 @@ USERTYPE_POLICY_PATH=/usr/share/security-manager/policy
 # Create default buckets
 while read bucket default_policy
 do
-    # Reuse the main bucket for PRIVACY_MANAGER bucket
+    # Reuse the primary bucket for PRIVACY_MANAGER bucket
     [ "$bucket" = "PRIVACY_MANAGER" ] && bucket=""
     cyad --set-bucket="$bucket" --type="$default_policy"
 done <<END
@@ -50,3 +50,9 @@ do
     done |
     cyad --set-policy --bulk=-
 done
+
+# Non-application programs get access to all privileges
+for client in User System
+do
+    cyad --set-policy --bucket=MAIN --client="$client" --user="*" --privilege="*" --type=ALLOW
+done