Legato legacy App - Directory permissions


#1

Hello,

I have a Legacy C++ apps that I crosscompiled in order to fit them like an app to Legato. My application after running checks if there is a file in some folder and then if there isn’t it creates the the file. This file is essentelly a database or a log file.

What I did is that I created the folder and put it as a bundle in the .adef file, I also gave the [w] permissions to that directory. My app can see that folder and files inside it but it can’t make a new file, it gets error return message which is saying I don’t have permissions to access that file.

What I did, I made a small .sh script which prints debug logs and does “touch my.file” now this script also confirmed that there is an issue when creating new files, because I got the same error.

Long question short:
How do I allow my application to create files in a folder? Because marking the folder with [w] permission tag won’t do that.

I’m working with MangOH Red and SW module WP8548. Running newest legato framework.


#2

I tried on WP750x.
I put the test script here:

root@swi-mdm9x15:/tmp# cat test.sh
echo > /tmp/123.txt

After that I run a unsandboxed legato application:

#include “legato.h”

COMPONENT_INIT
{
system("/tmp/test.sh");
LE_INFO(“Hello, world.”);
}

I can create /tmp/123.txt.


#3

Thanks for the reply.
My goal was to make a sandboxed application, to retain all the features of a sandbox app. Do you know if it is possible to do this without having sandboxed: set to false?


#4

So for sandboxed application, when you bundle a directory, the behaviour of not able to create a file in a directory is an expected behaviour for the following reason.
“Note
For security reasons, files and directories cannot be both writable and executable.
Directories always have executable permission set so they can be traversed. Setting the [x] permission in the dir: subsection causes the files under the directory to be made executable.
Setting [w] in the dir: subsection causes all files under that directory to be writable, but the directory itself will not be writable.”
Ref: http://legato.io/legato-docs/latest/defFilesAdef.html#defFilesAdef_bundles

So sandboxed application you should have empty file bundled before writing to it.
(or)
Have a Nonsandboxed application which allows you to create a file through API . and call that API from your sandboxed application.


#5

Thank you.
I will then have my files created and bundled.


#6

How about with a unsandboxed application which is used for creating file?
You can communicate with the unsandboxed application with your sandboxed application by using IPC.