1. add strace tools. 2. add libcap to change network caps. 3. add avs user input rights

2022-06-28 08:20:28 -07:00 · 2022-06-28 08:20:28 -07:00 · 79a9b58170
parent 6366f4a8e3
commit 79a9b58170
6 changed files with 181 additions and 1 deletions
--- a/meta/meta-mediatek-aud/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
+++ b/meta/meta-mediatek-aud/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
@ -0,0 +1,32 @@
 Ensure the XATTR_NAME_CAPS is defined when it is used
 Upstream-Status: Pending
 VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build
 libcap-native in old release, like CentOS release 6.7 (Final), with the blow
 error:
     cap_file.c: In function ‘cap_get_fd’:
     cap_file.c:199: error: ‘XATTR_NAME_CAPS’ undeclared (first use in this function)
     cap_file.c:199: error: (Each undeclared identifier is reported only once
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---
 libcap/cap_file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libcap/cap_file.c b/libcap/cap_file.c
 index 40756ea..e27ca80 100644
 --- a/libcap/cap_file.c
 +++ b/libcap/cap_file.c
@@ -25,7 +25,7 @@ extern int fremovexattr(int, const char *);
 #include "libcap.h"
 -#ifdef VFS_CAP_U32
 +#if defined (VFS_CAP_U32) && defined (XATTR_NAME_CAPS)
 #if VFS_CAP_U32 != __CAP_BLKS
 # error VFS representation of capabilities is not the same size as kernel
 -- 
 2.8.1
--- a/meta/meta-mediatek-aud/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
+++ b/meta/meta-mediatek-aud/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
@ -0,0 +1,34 @@
 From fc60e000169618a4adced845b9462d36ced1efdd Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Thu, 14 Oct 2021 15:57:36 +0800
 Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
 paths
 This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings
 and lengths as well as ld.so.cache path in the dynamic loader to specific
 sections in memory. The sections that contain paths have been allocated a 4096
 byte section, which is the maximum path length in linux. This will allow the
 relocating script to parse the ELF binary, detect the section and easily replace
 the strings in a certain path.
 Upstream-Status: Inappropriate [SDK specific]
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
 libcap/execable.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libcap/execable.h b/libcap/execable.h
 index fee17b4..5bb0c55 100644
 --- a/libcap/execable.h
 +++ b/libcap/execable.h
@@ -23,7 +23,7 @@
 #endif
 #define __EXECABLE_H
 -const char __execable_dl_loader[] __attribute((section(".interp"))) =
 +const char __execable_dl_loader[4096] __attribute((section(".interp"))) =
     SHARED_LOADER ;
 static void __execable_parse_args(int *argc_p, char ***argv_p)
--- a/meta/meta-mediatek-aud/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
+++ b/meta/meta-mediatek-aud/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
@ -0,0 +1,30 @@
 From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 20 Dec 2019 16:54:05 +0100
 Subject: [PATCH] tests: do not run target executables
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 ---
 tests/Makefile | 2 --
 1 file changed, 2 deletions(-)
 diff --git a/tests/Makefile b/tests/Makefile
 index ecb7d1b..8950c73 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
@@ -61,13 +61,11 @@ endif
 # unprivileged
 run_psx_test: psx_test
 -	./psx_test
 psx_test: psx_test.c $(DEPS)
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB)
 run_libcap_psx_test: libcap_psx_test
 -	./libcap_psx_test
 libcap_psx_test: libcap_psx_test.c $(DEPS)
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
--- a/meta/meta-mediatek-aud/recipes-support/libcap/libcap_2.64.bb
+++ b/meta/meta-mediatek-aud/recipes-support/libcap/libcap_2.64.bb
@ -0,0 +1,83 @@
 SUMMARY = "Library for getting/setting POSIX.1e capabilities"
 DESCRIPTION = "A library providing the API to access POSIX capabilities. \
 These allow giving various kinds of specific privileges to individual \
 users, without giving them full root permissions."
 HOMEPAGE = "http://sites.google.com/site/fullycapable/"
 # no specific GPL version required
 LICENSE = "BSD-3-Clause | GPL-2.0-only"
 LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=0ad4c9c052b9719ee4fce1bfc7c7dee4"
 LIC_FILES_CHKSUM = "\
    file://License;md5=e2370ba375efe9e1a095c26d37e483b8 \
    ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \
 "
 DEPENDS = "hostperl-runtime-native gperf-native"
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
           file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
           file://0002-tests-do-not-run-target-executables.patch \
 		   file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
           "
 SRC_URI[sha256sum] = "c8465e1f0b068d5fc06199231135ccac7adb56d662b1de93589252e8cd071e13"
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
 # inherit lib_package
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
 PACKAGECONFIG_class-native ??= ""
 PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam"
 EXTRA_OEMAKE = " \
  INDENT=  \
  lib='${baselib}' \
  RAISE_SETFCAP=no \
  DYNAMIC=yes \
  USE_GPERF=yes \
 "
 EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}"
 do_compile() {
 	unset CFLAGS BUILD_CFLAGS
 	oe_runmake \
 		${PACKAGECONFIG_CONFARGS} \
 		AR="${AR}" \
 		CC="${CC}" \
 		RANLIB="${RANLIB}" \
                OBJCOPY="${OBJCOPY}" \
 		COPTS="${CFLAGS}" \
 		BUILD_COPTS="${BUILD_CFLAGS}"
 }
 do_install() {
 	oe_runmake install \
 		${PACKAGECONFIG_CONFARGS} \
 		DESTDIR="${D}" \
 		prefix="${prefix}" \
 		SBINDIR="${sbindir}"
 }
 do_install_append() {
 	# Move the library to base_libdir
 	install -d ${D}${base_libdir}
 	install -d ${D}${sbindir}
 	install -m 0755 ${B}/progs/setcap ${D}${sbindir}/setcap
 	if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
 		mv ${D}${libdir}/libcap* ${D}${base_libdir}
                if [ -d ${D}${libdir}/security ]; then
 			mv ${D}${libdir}/security ${D}${base_libdir}
 		fi
 	fi
 }
 FILES_${PN}-dev += "${base_libdir}/*.so"
 # pam files
 FILES_${PN} = "${base_libdir}/security/*.so"
 FILES_${PN} += "${sbindir}/* /lib64/* /usr/lib64/*" 
 BBCLASSEXTEND = "native nativesdk"
--- a/meta/meta-mediatek-mt8516/recipes-audio/images/mtk-image-aud-8516.bb
+++ b/meta/meta-mediatek-mt8516/recipes-audio/images/mtk-image-aud-8516.bb
@ -81,6 +81,7 @@ IMAGE_INSTALL_append = " \
    json-c \
    libev	\
    iptables \
    strace \
 "
 install_proc() {
--- a/meta/poky/meta/recipes-core/base-files/base-files/group
+++ b/meta/poky/meta/recipes-core/base-files/base-files/group
@ -12,7 +12,7 @@ uucp:x:10:
 man:x:12:
 proxy:x:13:
 kmem:x:15:
-input:x:19:
+input:x:19:avs
 dialout:x:20:
 fax:x:21:
 voice:x:22: