WPEFramework: changes to enable user:group related permission during the build (#470)

* Add default users to rootfs

* Compile fixes + ignore symbolic links while doing permissions recursively

* Thunder: user:group add users which need protected content also to ocdm group

* Adding custom config fragments

* Revert commit  bca065d

* wpeframework: add option to set groups for device access

* wpeframework: comment out platform audio group

* wpeframework: configurable video group

* wpeframework: Simplify generic thunder group

* WPEFramework: Add rule to set proper permission for device node while enabling thunder group

* WPE: User/Group: add group setting for video device node based on platform video device group and use ocdm-user as the defautl ocdm-group if group alone not enbaled case

* Thunder: Set Data path user:group permissions from build sequence

* Amazon: install library to data path and create link to /usr/lib to set proper permissions in DataPath
Cobalt: set Cobalt Data path, where the data files need to install
Thunder, OCDM, WebKitBrowser, Netflix, Cobalt and Amazon: Set data path permission during the build

* WebKitBrowser: Set Data path permission user:group read access alone

Co-authored-by: Bram Oosterhuis <[email protected]>

Author: HaseenaSainul

board/metrological/busybox/enable-adduser.fragment

@@ -0,0 +1 @@
+CONFIG_FEATURE_ADDUSER_TO_GROUP=y

board/metrological/kernel/disable-module-compression.fragment

@@ -0,0 +1,5 @@
+# Disable module compression
+CONFIG_MODULE_COMPRESS_NONE=y
+CONFIG_MODULE_COMPRESS_GZIP=n
+CONFIG_MODULE_COMPRESS_XZ=n
+CONFIG_MODULE_COMPRESS_ZSTD=n

board/metrological/uclibc-ng/uclib-ng-enable-client-backtrace.fragment

@@ -0,0 +1 @@
+UCLIBC_HAS_BACKTRACE=y

package/amazon-ignition/amazon-ignition.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-AMAZON_IGNITION_VERSION = 92c39937e6ddc69bc67bbb1fdb715515c0a7c6e5
+AMAZON_IGNITION_VERSION = 4fcef097a49f2316d8a92fbf609f4d396b2a29a
 AMAZON_IGNITION_SITE_METHOD = git
 AMAZON_IGNITION_SITE = [email protected]:Metrological/amazon.git
 AMAZON_IGNITION_DEPENDENCIES = jpeg libpng wpeframework amazon-backend libcurl
@@ -131,32 +131,31 @@ define AMAZON_IGNITION_INSTALL_GENERIC
 endef
 
 define AMAZON_IGNITION_INSTALL_IGNITION
-    @$(call MESSAGE,"Installing ignition to: $(call qstrip,$(1))")  
-    @$(INSTALL) -v -d -m 0755 $(call qstrip,$(1))/$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)
+    @$(call MESSAGE,"Installing ignition to: $(call qstrip,$(TARGET_DIR))")
+    @$(INSTALL) -v -d -m 0755 $(call qstrip,$(TARGET_DIR))/$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)
 
-    $(INSTALL) -d $(1)/usr/lib
-    $(INSTALL) -m 755 ${AMAZON_IGNITION_BINARY_INSTALL_DIR}/lib/*.so $(1)/usr/lib
+    rsync -av --exclude lib/ ${AMAZON_IGNITION_BINARY_INSTALL_DIR}/ $(call qstrip,$(TARGET_DIR))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)
 
-    rsync -av --exclude lib/ ${AMAZON_IGNITION_BINARY_INSTALL_DIR}/ $(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)
-    $(INSTALL) -d $(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib
+    $(INSTALL) -d $(call qstrip,$(TARGET_DIR))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib
+    $(INSTALL) -m 755 ${AMAZON_IGNITION_BINARY_INSTALL_DIR}/lib/*.so $(call qstrip,$(TARGET_DIR))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib
 
-    ln -sf "../../../lib/libignition.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libignition.so"
-    ln -sf "../../../lib/libprime-video-device-layer.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libprime-video-device-layer.so"
-    ln -sf "../../../lib/libamazon_playready.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_playready.so"
-    ln -sf "../../../lib/libamazon_player_mediapipeline.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_player_mediapipeline.so"
-    ln -sf "../../../lib/libamazon_player.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_player.so"
-
-    ln -sf "../../../lib/libamazon-backend.so" "$(call qstrip,$(1))$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon-backend.so"
+    $(INSTALL) -d $(TARGET_DIR)/usr/lib
+    ln -sf "$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libignition.so" "$(TARGET_DIR)/usr/lib/libignition.so"
+    ln -sf "$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_player.so" "$(TARGET_DIR)/usr/lib/libamazon_player.so"
+    ln -sf "$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_playready.so" "$(TARGET_DIR)/usr/lib/libamazon_playready.so"
+    ln -sf "$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libamazon_player_mediapipeline.so" "$(TARGET_DIR)/usr/lib/libamazon_player_mediapipeline.so"
+    ln -sf "$(BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH)/lib/libprime-video-device-layer.so" "$(TARGET_DIR)/usr/lib/libprime-video-device-layer.so"
 endef
 
 define AMAZON_IGNITION_INSTALL_IGNITION_DEV
-    @$(call MESSAGE,"Installing ignition headers to: ${STAGING_DIR}/usr/include/ignition") 
-    @$(call AMAZON_IGNITION_INSTALL_IGNITION, ${STAGING_DIR})
+    @$(call MESSAGE,"Installing ignition headers to: ${STAGING_DIR}/usr/include/ignition")
 
     @$(INSTALL) -v -d -m 0755 ${STAGING_DIR}/usr/include/ignition
 
     @$(call MESSAGE,"Installing ignition header  [ ${AMAZON_IGNITION_DEVICE_LAYER_DIR}/../interface/ ] to: ${STAGING_DIR}/usr/include/ignition")
     cd "${AMAZON_IGNITION_DEVICE_LAYER_DIR}/../interface/include" && find -name "*.h" -type f -exec cp --parents {} ${STAGING_DIR}/usr/include/ignition/ \;
+    $(INSTALL) -d ${STAGING_DIR}/usr/lib
+    $(INSTALL) -m 755 ${AMAZON_IGNITION_BINARY_INSTALL_DIR}/lib/*.so ${STAGING_DIR}/usr/lib
 endef
 
 ifeq ($(BR2_PACKAGE_AMAZON_IGNITION_BUILD_TESTS),y)
@@ -205,8 +204,7 @@ else #BR2_PACKAGE_AMAZON_IGNITION_BUILD_TESTS
     endef
 
     define AMAZON_IGNITION_INSTALL_TARGET_CMDS
-        @$(call AMAZON_IGNITION_INSTALL_IGNITION_DEV)
-        @$(call AMAZON_IGNITION_INSTALL_IGNITION, ${TARGET_DIR})
+        @$(call AMAZON_IGNITION_INSTALL_IGNITION)
     endef
 
 endif # BR2_PACKAGE_AMAZON_IGNITION_BUILD_TESTS

package/cobalt/cobalt.mk

@@ -56,13 +56,16 @@ else
 export COBALT_EXECUTABLE_TYPE = executable
 endif
 
+export COBALT_DATA_PATH = "$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_DATA_PATH)")/Cobalt"
+COBALT_DATA_INSTALL_PATH = $(TARGET_DIR)/$(COBALT_DATA_PATH)
+
 define COBALT_BUILD_CMDS
     $(@D)/src/cobalt/build/gyp_cobalt -C $(COBALT_BUILD_TYPE) $(COBALT_PLATFORM)
     $(HOST_DIR)/usr/bin/ninja -C $(@D)/src/out/$(COBALT_PLATFORM)_$(COBALT_BUILD_TYPE) cobalt_deploy
 endef
 
 define COBALT_INSTALL_TARGET_CMDS
-    cp -a $(@D)/src/out/$(COBALT_PLATFORM)_$(COBALT_BUILD_TYPE)/content $(TARGET_DIR)/usr/share
+    cp -a $(@D)/src/out/$(COBALT_PLATFORM)_$(COBALT_BUILD_TYPE)/content/data/* $(COBALT_DATA_INSTALL_PATH)
 endef
 
 

package/makedevs/makedevs.c

@@ -440,15 +440,19 @@ void bb_show_usage(void)
 int bb_recursive(const char *fpath, const struct stat *sb,
 		int tflag, struct FTW *ftwbuf){
 
-	if (chown(fpath, recursive_uid, recursive_gid) == -1) {
+	errno = 0;
+	if (lchown(fpath, recursive_uid, recursive_gid) == -1) {
 		bb_perror_msg("chown failed for %s", fpath);
 		return -1;
 	}
-	if (recursive_mode != -1) {
-		if (chmod(fpath, recursive_mode) < 0) {
-			bb_perror_msg("chmod failed for %s", fpath);
-			return -1;
-		}
+
+	/* chmod() is optional, also skip if dangling symlink */
+	if (recursive_mode == -1 || ((tflag == FTW_SL) && (access(fpath, F_OK) != 0)))
+		return 0;
+
+	if (chmod(fpath, recursive_mode) < 0) {
+		bb_perror_msg("chmod failed for ---> %s", fpath);
+		return -1;
 	}
 
 	return 0;
@@ -628,7 +632,7 @@ int main(int argc, char **argv)
 				if (mknod(full_name_inc, mode, rdev) < 0) {
 					bb_perror_msg("line %d: can't create node %s", linenum, full_name_inc);
 					ret = EXIT_FAILURE;
-				} else if (chown(full_name_inc, uid, gid) < 0) {
+				} else if (lchown(full_name_inc, uid, gid) < 0) {
 					bb_perror_msg("line %d: can't chown %s", linenum, full_name_inc);
 					ret = EXIT_FAILURE;
 				} else if (chmod(full_name_inc, mode) < 0) {

package/wpe/wpeframework-amazon/Config.in

@@ -32,6 +32,7 @@ config BR2_PACKAGE_WPEFRAMEWORK_AMAZON_USER
 
 config BR2_PACKAGE_WPEFRAMEWORK_AMAZON_GROUP
 	string "group"
+	default BR2_PACKAGE_WPEFRAMEWORK_AMAZON_USER
     help
         The group that amazon prime user should use (root is not allowed)
 

package/wpe/wpeframework-amazon/wpeframework-amazon.mk

@@ -29,12 +29,21 @@ endif
 
 ifneq ($(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_INSTALL_PATH_OVERRIDE),"")
 WPEFRAMEWORK_AMAZON_CONF_OPTS += -DPLUGIN_AMAZON_PRIME_INSTALL_PATH=${BR2_PACKAGE_WPEFRAMEWORK_AMAZON_INSTALL_PATH_OVERRIDE}
+WPEFRAMEWORK_AMAZON_DATA_PATH = ${BR2_PACKAGE_WPEFRAMEWORK_AMAZON_INSTALL_PATH_OVERRIDE}
 else
 WPEFRAMEWORK_AMAZON_CONF_OPTS += -DPLUGIN_AMAZON_PRIME_INSTALL_PATH=${BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH}
+WPEFRAMEWORK_AMAZON_DATA_PATH = ${BR2_PACKAGE_AMAZON_IGNITION_IG_INSTALL_PATH}
 endif
 
 ifneq ($(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_USER),"")
 WPEFRAMEWORK_AMAZON_CONF_OPTS += -DPLUGIN_AMAZON_PRIME_NAME=$(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_USER)
+ifeq ($(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_GROUP),"")
+WPEFRAMEWORK_AMAZON_USER_GROUP=amazon
+else
+WPEFRAMEWORK_AMAZON_USER_GROUP=$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_GROUP)")
+endif
+WPEFRAMEWORK_AMAZON_USER=$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_USER)") -1 $(WPEFRAMEWORK_AMAZON_USER_GROUP) -1 * - - $(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_PLATFORM_VIDEO_DEVICE_GROUP)"),$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_GROUP)"),$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_CDMI_GROUP)") amazon
+WPEFRAMEWORK_AMAZON_PERMISSION=$(subst ",,$(WPEFRAMEWORK_AMAZON_DATA_PATH)") r 0550 root $(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_GROUP)") - - - - -
 endif
 
 ifneq ($(BR2_PACKAGE_WPEFRAMEWORK_AMAZON_GROUP),"")
@@ -57,4 +66,12 @@ ifeq ($(BR2_PACKAGE_WPEFRAMEWORK_DEBUG),y)
 WPEFRAMEWORK_AMAZON_CONF_OPTS += -DCMAKE_BUILD_TYPE=Debug
 endif
 
+define WPEFRAMEWORK_AMAZON_USERS
+	${WPEFRAMEWORK_AMAZON_USER}
+endef
+
+define WPEFRAMEWORK_AMAZON_PERMISSIONS
+	${WPEFRAMEWORK_AMAZON_PERMISSION}
+endef
+
 $(eval $(cmake-package))

package/wpe/wpeframework-netflix/Config.in

@@ -169,6 +169,18 @@ config BR2_PACKAGE_WPEFRAMEWORK_PLUGIN_NETFLIX_DEVICE_KEYS
     string "device keys"
     help 
         "Define the location where the hareware bound ESN and encryption keys can be found. Leave empty to disable"
+
+config BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_USER
+    string "user"
+    help
+        The user that amazon prime should use (root is not allowed)
+
+config BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP
+    string "group"
+    default BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_USER
+    help
+        The group that amazon prime user should use (root is not allowed)
+
 endif
 
 comment "netflix is dependent on the netflix package compiled as library"

package/wpe/wpeframework-netflix/wpeframework-netflix.mk

@@ -158,6 +158,21 @@ WPEFRAMEWORK_NETFLIX_CONF_OPTS += -DPLUGIN_ENABLE_AUDIO_DOWNMIX=true
 endif
 endif
 
+ifneq ($(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_USER),"")
+WPEFRAMEWORK_NETFLIX_CONF_OPTS += -DPLUGIN_NETFLIX_USER=$(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_USER)
+ifeq ($(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP),"")
+WPEFRAMEWORK_NETFLIX_USER_GROUP=netflix
+else
+WPEFRAMEWORK_NETFLIX_USER_GROUP=$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP)")
+endif
+WPEFRAMEWORK_NETFLIX_USER=$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_USER)") -1 $(WPEFRAMEWORK_NETFLIX_USER_GROUP) -1 * - - $(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_PLATFORM_VIDEO_DEVICE_GROUP)"),$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_GROUP)"),$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_CDMI_GROUP)") netflix
+WPEFRAMEWORK_NETFLIX_PERMISSION=$(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_DATA_PATH)")/Netflix r 0550 root $(subst ",,$(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP)") - - - - -
+endif
+
+ifneq ($(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP),"")
+WPEFRAMEWORK_NETFLIX_CONF_OPTS += -DPLUGIN_NETFLIX_GROUP=$(BR2_PACKAGE_WPEFRAMEWORK_NETFLIX_GROUP)
+endif
+
 ifeq ($(BR2_PACKAGE_WPEFRAMEWORK_CREATE_IPKG_TARGETS),y)
 
 WPEFRAMEWORK_NETFLIX_CONF_OPTS += -DWPEFRAMEWORK_CREATE_IPKG_TARGETS=ON
@@ -175,5 +190,13 @@ endef # WPEFRAMEWORK_NETFLIX_INSTALL_TARGET_CMDS
 
 endif # ($(BR2_PACKAGE_WPEFRAMEWORK_CREATE_IPKG_TARGETS),y)
 
+define WPEFRAMEWORK_NETFLIX_USERS
+	${WPEFRAMEWORK_NETFLIX_USER}
+endef
+
+define WPEFRAMEWORK_NETFLIX_PERMISSIONS
+	${WPEFRAMEWORK_NETFLIX_PERMISSION}
+endef
+
 $(eval $(cmake-package))