diff mbox series

[2/4] arm/optee: Add optee udev rules

Message ID 20240925090147.66618-3-mikko.rapeli@linaro.org
State New
Headers show
Series optee 4.3 update and systemd service changes | expand

Commit Message

Mikko Rapeli Sept. 25, 2024, 9:01 a.m. UTC 
From: Javier Tia <javier.tia@linaro.org>

If a /dev/teepriv[0-9]* device is detected, start an instance of
tee-supplicant.service with the device name as parameter.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
---
 meta-arm/recipes-security/optee/optee-client.inc          | 8 +++++++-
 .../recipes-security/optee/optee-client/optee-udev.rules  | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules
diff mbox series

Patch

diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc
index ddda2d1a..f387c805 100644
--- a/meta-arm/recipes-security/optee/optee-client.inc
+++ b/meta-arm/recipes-security/optee/optee-client.inc
@@ -5,12 +5,13 @@  HOMEPAGE = "https://www.op-tee.org/"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
 
-inherit systemd update-rc.d cmake
+inherit systemd update-rc.d cmake useradd
 
 SRC_URI = " \
     git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
     file://tee-supplicant@.service \
     file://tee-supplicant.sh \
+    file://optee-udev.rules \
 "
 
 UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
@@ -26,6 +27,8 @@  EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
 do_install:append() {
     install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service
     install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
+    install -d ${D}${sysconfdir}/udev/rules.d
+    install -m 0644 ${UNPACKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules
 
     sed -i -e s:@sysconfdir@:${sysconfdir}:g \
            -e s:@sbindir@:${sbindir}:g \
@@ -38,3 +41,6 @@  SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME:${PN} = "tee-supplicant"
 INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system teeclnt"
diff --git a/meta-arm/recipes-security/optee/optee-client/optee-udev.rules b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules
new file mode 100644
index 00000000..075f469c
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules
@@ -0,0 +1,6 @@ 
+KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd"
+
+# If a /dev/teepriv[0-9]* device is detected, start an instance of
+# tee-supplicant.service with the device name as parameter
+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
+    TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"