changeset 155:1f20e05d1a7a

8067955: DIO privileges issue Summary: Policy file and udev script were added Reviewed-by: alkonsta
author snazarki
date Fri, 10 Apr 2015 18:34:14 +0300
parents 26032e12a445
children 26d04027287d
files config/gpio.rules-raspberrypi config/java.policy.ext.rpi
diffstat 2 files changed, 85 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/config/gpio.rules-raspberrypi	Fri Apr 10 18:34:14 2015 +0300
@@ -0,0 +1,36 @@
+#########################################################################
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+#########################################################################
+
+# udev script to access GPIO devices without root privileges.
+# copy it to "/etc/udev/rules.d/gpio.rules" file.
+# "gpio" user group must be present at the host
+# note! tested on RaspberryPi only. 
+
+SUBSYSTEM=="gpio", KERNEL=="gpiochip[0-9]*", ACTION=="add", DEVPATH=="/devices/virtual/gpio/gpiochip[0-9]*",\
+ PROGRAM="/bin/sh -c 'cd /sys%p/subsystem; chown :gpio export unexport; chmod g+w export unexport'"
+ 
+SUBSYSTEM=="gpio", KERNEL=="gpio[0-9]*", ACTION=="add", DEVPATH=="/devices/virtual/gpio/gpio[0-9]*",\
+ PROGRAM="/bin/sh -c 'cd /sys%p; chown :gpio direction value edge; chmod g+w direction value edge'"
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/config/java.policy.ext.rpi	Fri Apr 10 18:34:14 2015 +0300
@@ -0,0 +1,49 @@
+#########################################################################
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+#########################################################################
+
+// this an example of java policy file with security permissions required for DIO library.
+
+// policy for DIO framework
+grant codeBase "file:./dio.jar" {
+        permission "java.util.PropertyPermission" "jdk.dio.registry", "read";
+        permission "java.io.FilePermission" "./dio.properties-raspberrypi", "read,write";
+        permission "java.lang.RuntimePermission" "loadLibrary.dio";
+// used by classloader when libdio.so is loaded
+        permission "java.util.PropertyPermission" "user.dir", "read";
+// these are necessary for open_by_id case (note! there should be no DeviceMgmtPermission)
+        permission jdk.dio.adc.ADCPermission "*:*";
+        permission jdk.dio.atcmd.ATPermission "*:*";
+        permission jdk.dio.counter.CounterPermission "*:*";
+        permission jdk.dio.dac.DACPermission "*:*";
+        permission jdk.dio.generic.GenericPermission "*:*";
+        permission jdk.dio.gpio.GPIOPinPermission "*:*", "open,setdirection";
+        permission jdk.dio.gpio.GPIOPortPermission "*:*";
+        permission jdk.dio.i2cbus.I2CPermission "*:*";
+        permission jdk.dio.pwm.PWMPermission "*:*";
+        permission jdk.dio.spibus.SPIPermission "*:*";
+        permission jdk.dio.uart.UARTPermission "*:*";
+        permission jdk.dio.watchdog.WatchdogTimerPermission "*:*";
+};