Skip to content
Browse files

Allow world-read permissions for LS2 services

:Release Notes:
It should be safe for static LS2 services to be world-readable.

:Detailed Notes:

:Testing Performed:
Studied build logs.

:QA Notes:

:Issues Addressed:
[ANG-12] Fix build script for binary permissions checking to allow read
         permissions for all

Open-webOS-DCO-1.0-Signed-off-by: Anatolii Sakhnik <anatolii.sakhnik@lge.com>

Change-Id: I982ab3b78e660d729e18a460cddaecabec46d600
Reviewed-on: https://g2g.palm.com/4364
Reviewed-by: DCO Verification
Build: Keith Derrick <keith.derrick@lge.com>
Reviewed-by: Martin Jansa <Martin.Jansa@lge.com>
Reviewed-by: Build Verification
Reviewed-by: Keith Derrick <keith.derrick@lge.com>
Tested-by: Keith Derrick <keith.derrick@lge.com>
Reviewed-by: Susan Montooth <susan.montooth@lge.com>
  • Loading branch information...
1 parent 2bd8a36 commit 53dce2e3557cdc00481b270a2adc54991b503cdc @sakhnik sakhnik committed with susan-montooth Jan 10, 2014
Showing with 5 additions and 5 deletions.
  1. +5 −5 classes/webos-image.bbclass
View
10 classes/webos-image.bbclass
@@ -98,17 +98,17 @@ luna_service2_check_permissions () {
continue
fi
- # Check file permissions of the file. We want that the file ins't
- # accessible by others:
+ # Check file permissions of the file. We want that the file isn't
+ # executable or writable by others:
# -rwxr-x--- (0750)
if ! perms=`stat -L -c %a ${IMAGE_ROOTFS}$f` 2>/dev/null ; then
bbwarn "QA Issue: Unable to check the binary $f mentioned in LS2 role files"
continue
fi
- # Get the "other" part of octal permissions
+ # Get the "other" part of octal permissions, and show warning if it's more than readable
world_bits=`echo $perms | cut -c 3-`
- if [ $world_bits != 0 ]; then
- bbwarn "QA Issue: LS2 service $f is accessible for the whole world"
+ if [ $world_bits != 0 -a $world_bits != 4 ]; then
+ bbwarn "QA Issue: LS2 service $f is writable or executable for the whole world"
fi
done
}

0 comments on commit 53dce2e

Please sign in to comment.
Something went wrong with that request. Please try again.