authorMartin Jansa <Martin.Jansa@gmail.com>2018-04-26 09:23:02 +0000
committerMartin Jansa <Martin.Jansa@gmail.com>2019-03-24 11:13:28 +0100
commite45f3d305e25ff2aef9e42697e583e6f69a9b6e6 (patch)
tree0bf698ed62d258d6e05d5a3129dea2e52b2d2121 /meta/classes/webos_app_generate_security_files.bbclass
parentc44fc9b620f762ce68441f834e1a157288a488e6 (diff)
meta-webosose: import recipes which often reproduce Yocto #12434
* just temporary to make it easier to reproduce, import big part of meta-webosose and some recipes from meta-oe * luna-init: /luna-init-fonts/usr/share/fonts/PreludeCompWGL-Light.ttf is owned by uid 1001, which is the same as the user running bitbake. This may be due to host contamination * qml-webos-framework: /qml-webos-framework/usr/share/dbus-1/system-services/com.webos.qml-app.service is owned by uid 1101, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated] * to reproduce this you can try to use something like this: export COMP=luna-init; for i in `seq -w 1 999`; do echo $i; bitbake -v -v -DDDD -f -c package ${COMP} 2>${COMP}-logerr.$i >${COMP}-log.$i; bitbake -v -v -DDDD -f -c package_qa ${COMP} 2>${COMP}-logerr.qa.$i >${COMP}-log.qa.$i || { cp -ra BUILD/work/i586-oe-linux/${COMP}/ ${COMP}-workdir-$i; bitbake -c cleansstate ${COMP} ; } done export COMP=qml-webos-framework; for i in `seq -w 1 999`; do echo $i; bitbake -v -v -DDDD -f -c package ${COMP} 2>${COMP}-logerr.$i >${COMP}-log.$i; bitbake -v -v -DDDD -f -c package_qa ${COMP} 2>${COMP}-logerr.qa.$i >${COMP}-log.qa.$i || { cp -ra BUILD/work/i586-oe-linux/${COMP}/ ${COMP}-workdir-$i; bitbake -c cleansstate ${COMP} ; } done Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta/classes/webos_app_generate_security_files.bbclass')
-rw-r--r--meta/classes/webos_app_generate_security_files.bbclass179
1 files changed, 179 insertions, 0 deletions
diff --git a/meta/classes/webos_app_generate_security_files.bbclass b/meta/classes/webos_app_generate_security_files.bbclass
new file mode 100644
index 0000000000..ac21866de1
--- /dev/null
+++ b/meta/classes/webos_app_generate_security_files.bbclass
@@ -0,0 +1,179 @@
+# Copyright (c) 2015-2017 LG Electronics, Inc.
+#
+# webos_app_generate_security_files
+#
+# This class is to be inherited by the recipe for every application that needs
+# to generate permission and role files from its appinfo.json.
+# This will happen implicitly, as all such applications will inherit from
+# webos_app, which inherits this class.
+#
+# Keep this code in sync with that in appinstalld that does the same thing
+# until [DRD-4417] is implemented.
+#
+
+inherit webos_system_bus
+
+WEBOS_SYSTEM_BUS_CONFIGURE_FILES ??= "TRUE"
+
+def webos_app_generate_security_files_write_permission_file(d, app_info):
+ import os
+ import json
+
+ app_id = app_info["id"]
+ key = app_id + "-*"
+ type = app_info["type"]
+
+ permission = {}
+
+ if "requiredPermissions" in app_info:
+ permission[key] = app_info["requiredPermissions"]
+ else:
+ permission[key] = []
+ pub_bus = False
+ prv_bus = False
+ trust_level = app_info.get("trustLevel", "default")
+ if trust_level == "default":
+ pub_bus = True
+ elif trust_level == "trusted":
+ pub_bus = True
+ prv_bus = True
+ elif trust_level == "netcast":
+ # According to https://wiki.lgsvl.com/display/webOSDocs/Security+Level+for+web+applications
+ # netcast level dosn't have access to public and private bus
+ pass
+ else:
+ bb.fatal("Unexpected trustLevel: " + trust_level)
+
+ if type == "web":
+ if "com.palm." in app_id or "com.webos." in app_id:
+ prv_bus = True
+ elif type == "qml":
+ prv_bus = True
+ pub_bus = True
+
+ if prv_bus:
+ permission[key].append("private")
+ pub_bus = True
+
+ if pub_bus:
+ permission[key].append("public")
+
+ dst_dir = d.getVar("D", True)
+ permissions_dir = d.getVar("webos_sysbus_permissionsdir", True)
+ permission_file = permissions_dir + "/" + app_id + ".app.json"
+
+ if not os.path.exists(dst_dir + permissions_dir):
+ os.makedirs(dst_dir + permissions_dir)
+
+ with open(dst_dir + permission_file, "w") as f:
+ json.dump(permission, f, indent=4)
+ f.write("\n")
+
+ return permission_file
+
+def webos_app_generate_security_files_write_role_file(d, app_info):
+ import os
+ import json
+
+ app_id = app_info["id"]
+
+ role = {}
+
+ role["appId"] = app_id
+ role["type"] = "regular"
+ role["allowedNames"] = [app_id + "-*"]
+ role["permissions"] = [{"service": app_id + "-*", "outbound": ["*"] }]
+
+ dst_dir = d.getVar("D", True)
+ roles_dir = d.getVar("webos_sysbus_rolesdir", True)
+ role_file = roles_dir + "/" + app_id + ".app.json"
+
+ if not os.path.exists(dst_dir + roles_dir):
+ os.makedirs(dst_dir + roles_dir)
+
+ with open(dst_dir + role_file, "w") as f:
+ json.dump(role, f, indent=4)
+ f.write("\n")
+
+ return role_file
+
+def webos_app_generate_security_files_get_immediate_subdirectories(root):
+ import os
+ return [name for name in os.listdir(root)
+ if os.path.isdir(os.path.join(root, name))]
+
+def webos_app_generate_security_files_comment_remover(text):
+ import re
+
+ def replacer(match):
+ s = match.group(0)
+ return "" if s.startswith('/') else s
+
+ pattern = re.compile(r'//.*?$|/\*.*?\*/|\'(?:\\.|[^\\\'])*\'|"(?:\\.|[^\\"])*"',
+ re.DOTALL | re.MULTILINE
+ )
+ return re.sub(pattern, replacer, text)
+
+def webos_app_generate_security_files_read_json(file):
+ """ Read a JSON file with comments: //, /**/ """
+
+ import json
+
+ with open(file, "r") as f:
+ content = f.read()
+
+ content = webos_app_generate_security_files_comment_remover(content)
+ return json.loads(content)
+
+fakeroot python do_configure_security() {
+ import json
+ import os.path
+
+ if d.getVar("WEBOS_SYSTEM_BUS_CONFIGURE_FILES", True) != "TRUE":
+ return
+
+ dst_dir = d.getVar("D", True)
+ app_dir = dst_dir + d.getVar("webos_applicationsdir", True)
+
+ # ignore component that isn't app
+ if not os.path.exists(app_dir):
+ return
+
+ roles_dir = dst_dir + d.getVar("webos_sysbus_rolesdir", True)
+ pub_roles_dir = dst_dir + d.getVar("webos_sysbus_pubrolesdir", True)
+ prv_roles_dir = dst_dir + d.getVar("webos_sysbus_prvrolesdir", True)
+
+ apps = webos_app_generate_security_files_get_immediate_subdirectories(app_dir)
+
+ pkg_name = d.getVar("PN", True)
+ for app in apps:
+ app_info_file = app_dir + "/" + app + "/appinfo.json"
+
+ # ignore app that doesn't have appinfo.json
+ if not os.path.exists(app_info_file):
+ continue
+
+ # ignore app that already has role file
+ role_file = roles_dir + "/" + app + ".role.json"
+ if os.path.exists(role_file):
+ continue
+
+ # ignore app that already has public role file
+ pub_role_file = pub_roles_dir + "/" + app + ".json"
+ if os.path.exists(pub_role_file):
+ continue
+
+ # ignore app that already has private role file
+ prv_role_file = prv_roles_dir + "/" + app + ".json"
+ if os.path.exists(prv_role_file):
+ continue
+
+ app_info = webos_app_generate_security_files_read_json(app_info_file)
+
+ type = app_info["type"]
+ if type in ["qml", "web"]:
+ role_file = webos_app_generate_security_files_write_role_file(d, app_info)
+ permission_file = webos_app_generate_security_files_write_permission_file(d, app_info)
+}
+
+addtask configure_security after do_install before do_package
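Review bot: In `webos_app_generate_security_files_write_permission_file`, the test `"com.palm." in app_id or "com.webos." in app_id` is a substring match, so a web app whose id merely contains one of those strings anywhere can end up with the `private` bus permission. If the intent is to reserve that for the vendor namespaces, anchor it with `if app_id.startswith(("com.palm.", "com.webos.")):`. The file header asks that this logic stay in sync with appinstalld, so the equivalent check there would presumably need the same change. Separately, both writer functions build the output path from `app_info["id"]`, while `do_configure_security` does its existence checks with the directory name `app`. A guard before writing, such as `if "/" in app_id or ".." in app_id: bb.fatal("Invalid app id: " + app_id)`, would keep an id read from appinfo.json from steering the generated file outside the roles and permissions directories.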