[PATCH 0/3]udev-extraconf:fix rootless X write to usb storage failed

[PATCH 0/3]udev-extraconf:fix rootless X write to usb storage failed

[Hongxu Jia]

The following need to be discussed:
1, Is it proper to change the group of storage dir to `disk', and grant
   it with w/r/x permissions?

2, Is it proper to add xuser to group `disk', is there a security issue?


The following changes since commit 95b71d2b03a3a6dc5d32a7d6a84ec3420f39aa61:

  routerstationpro: strip the output kernel of .comment section (2013-04-11 09:03:21 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib hongxu/fix-udev-xuser-2
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-udev-xuser-2

Hongxu Jia (3):
  xserver-nodm-init: Add xuser to disk group
  connman.inc: Add xuser to disk group
  udev-extraconf:fix rootless X write to usb storage failed

 meta/recipes-connectivity/connman/connman.inc      |    2 +-
 meta/recipes-core/udev/udev-extraconf/mount.sh     |   25 ++++++++++++++++++--
 .../x11-common/xserver-nodm-init.bb                |    4 ++--
 3 files changed, 26 insertions(+), 5 deletions(-)

-- 
1.7.10.4

[PATCH 1/3] xserver-nodm-init: Add xuser to disk group

[Hongxu Jia]

Add xuser to disk group, so it could have permissions to access disk storage.

[YOCTO #4004]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-graphics/x11-common/xserver-nodm-init.bb |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
index d2797a9..204a53d 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
-PR = "r31"
+PR = "r32"
 RDEPENDS_${PN} = "sudo"
 
 SRC_URI = "file://xserver-nodm \
@@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
 # USERADD_PARAM is in sync with the one in connman.inc
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio,input \
+                       --groups video,tty,audio,input,disk \
                        --user-group xuser"
 
-- 
1.7.10.4

[PATCH 2/3] connman.inc: Add xuser to disk group

[Hongxu Jia]

1, Add xuser to disk group, so it could have permissions to access disk storage.

2, When fix [YOCTO #4164] xserver-nodm-init: Add xuser to input group, it
missed to sync with this file.

[YOCTO #4004]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-connectivity/connman/connman.inc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 5d35bc2..1af93b1 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -53,7 +53,7 @@ SYSTEMD_WIRED_SETUP = "ExecStartPre=-/usr/lib/connman/wired-setup"
 # USERADD_PARAM is in sync with the one in xserver-nodm-init.bb
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio \
+                       --groups video,tty,audio,input,disk \
                        --user-group xuser"
 
 inherit autotools gtk-doc pkgconfig systemd update-rc.d useradd
-- 
1.7.10.4

[PATCH 3/3] udev-extraconf:fix rootless X write to usb storage failed

[Hongxu Jia]

Rootless X is owned by xuser, the problem is xuser doesn't have permissions to
write usb storage when the type of filesystem is not one of ext2/3/4 or btrfs.
...
mount
/dev/sdb1 on /media/sdb1 type ext4
/dev/sdb2 on /media/sdb2 type vfat
/dev/sdb3 on /media/sdb3 type ntfs
/dev/sdb4 on /media/sdb4 type btrfs
/dev/sdb2 on /media/sdb5 type jfs
/dev/sdb1 on /media/sdb6 type xfs
...
ls /media/ -al
drwx------    3 xuser    xuser         1024 Apr 10 09:08 sdb1
drwxr-xr-x    2 root     root         16384 Jan  1  1970 sdb2
drwx------    1 root     root          4096 Apr 10 09:12 sdb3
drwx------    1 xuser    xuser            0 Apr 10 09:14 sdb4
drwxr-xr-x    2 root     root             6 Apr 10 09:39 sdb5
drwxr-xr-x    2 root     root           256 Apr 10 09:39 sdb6
...

The usb storage is mounted to dir `/media/sd**' by a udev's mount.sh script,
Modify the script to change the group owner of dir to `disk', and grant w/r/x
permissions to it, so the one (such as xuser) in the disk group could access
the storage.

There are two solutions to do according to the type of USB's filesystem.
1, For vfat, fat, ntfs, add mount option `gid' and `umask'.
2, For others, invoke chgrp and chmod after mount.

[YOCTO #4004]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-core/udev/udev-extraconf/mount.sh |   25 ++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/udev/udev-extraconf/mount.sh b/meta/recipes-core/udev/udev-extraconf/mount.sh
index 99c76b2..27961eb 100644
--- a/meta/recipes-core/udev/udev-extraconf/mount.sh
+++ b/meta/recipes-core/udev/udev-extraconf/mount.sh
@@ -18,15 +18,36 @@ do
 done
 
 automount() {	
+	local mount_opt=""
+	local invoke_chown=""
+
+	# According to the type of filesystem, there are two solutions to change
+	# the group owner of storage to `disk' and grant w/r/x permissions.
+	case $ID_FS_TYPE in
+	vfat|fat|ntfs)
+		# By mount.
+		mount_opt="-o umask=007,gid=`awk -F':' '/^disk/{print $3}' /etc/group`"
+		;;
+	# Such as btrfs, minix, xfs, jfs, ext2, ext3, ext4, nilfs2.
+	*)
+		# By invoking chgrp and chmod after mount.
+		invoke_chgrp="1"
+		;;
+	esac
+
 	name="`basename "$DEVNAME"`"
 
 	! test -d "/media/$name" && mkdir -p "/media/$name"
 	
-	if ! $MOUNT -t auto $DEVNAME "/media/$name"
+	if ! $MOUNT -t auto $mount_opt $DEVNAME "/media/$name"
 	then
-		#logger "mount.sh/automount" "$MOUNT -t auto $DEVNAME \"/media/$name\" failed!"
+		#logger "mount.sh/automount" "$MOUNT -t auto $mount_opt $DEVNAME \"/media/$name\" failed!"
 		rm_dir "/media/$name"
 	else
+		if [ "$invoke_chgrp" = "1" ]; then
+			chgrp "disk" "/media/$name"
+			chmod g+wrx "/media/$name"
+		fi
 		logger "mount.sh/automount" "Auto-mount of [/media/$name] successful"
 		touch "/tmp/.automount-$name"
 	fi
-- 
1.7.10.4

[PATCH 2/3] connman.inc: Add xuser to disk group

[Hongxu Jia]

1, Add xuser to disk group, so it could have permissions to access
storage which is in disk group.

2, When fix [YOCTO #4164] xserver-nodm-init: Add xuser to input group, it
missed to sync with this file.

[YOCTO #4004]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-connectivity/connman/connman.inc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 5d35bc2..1af93b1 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -53,7 +53,7 @@ SYSTEMD_WIRED_SETUP = "ExecStartPre=-/usr/lib/connman/wired-setup"
 # USERADD_PARAM is in sync with the one in xserver-nodm-init.bb
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio \
+                       --groups video,tty,audio,input,disk \
                        --user-group xuser"
 
 inherit autotools gtk-doc pkgconfig systemd update-rc.d useradd
-- 
1.7.10.4