diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index ddda2d1a..f387c805 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -5,12 +5,13 @@ HOMEPAGE = "https://www.op-tee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -inherit systemd update-rc.d cmake +inherit systemd update-rc.d cmake useradd SRC_URI = " \ git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ file://tee-supplicant@.service \ file://tee-supplicant.sh \ + file://optee-udev.rules \ " UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$" @@ -26,6 +27,8 @@ EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" do_install:append() { install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant + install -d ${D}${sysconfdir}/udev/rules.d + install -m 0644 ${UNPACKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ @@ -38,3 +41,6 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME:${PN} = "tee-supplicant" INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system teeclnt" diff --git a/meta-arm/recipes-security/optee/optee-client/optee-udev.rules b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules new file mode 100644 index 00000000..075f469c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules @@ -0,0 +1,6 @@ +KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"