Now with application labels no longer hardcoded to "User", it's time to
work on actual policy enforcement in services. Platform components that are
not downloadable applications will run with "User" and "System" labels (for
User and System domains). They should not be restricted by Cynara.
Change-Id: I62ea8295804f3ad04b1a538642d2098aab45cb48
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
# Create default buckets
while read bucket default_policy
do
- # Reuse the main bucket for PRIVACY_MANAGER bucket
+ # Reuse the primary bucket for PRIVACY_MANAGER bucket
[ "$bucket" = "PRIVACY_MANAGER" ] && bucket=""
cyad --set-bucket="$bucket" --type="$default_policy"
done <<END
done |
cyad --set-policy --bulk=-
done
+
+# Non-application programs get access to all privileges
+for client in User System
+do
+ cyad --set-policy --bucket=MAIN --client="$client" --user="*" --privilege="*" --type=ALLOW
+done
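Review bot: the rule added in the `for client in User System` loop uses `--user="*" --privilege="*" --type=ALLOW`, so any process that carries the label User or System is allowed every privilege for every user in the MAIN bucket. The comment above the loop should state the assumption this depends on (per the commit message, that downloadable applications never run with these two labels), because the grant is only as strong as that labelling guarantee. The loop also ignores the exit status of cyad, so a failed `--set-policy` for one client would go unnoticed; consider stopping the script on failure. Minor: the reworded comment in the first hunk now says "primary bucket" while this command names the bucket MAIN, and keeping one term would make the script easier to audit.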