review.tizen.org Git - framework/web/webkit-efl.git/commit

Grant 'CAP_MAC_ADMIN' capability to WebProcess executable file

[Title] Grant inheritable/effective bit of 'CAP_MAC_ADMIN' capability to WebProcess executable file
[Issue#] N/A
[Problem] In 1 UI / N Web Process Model like web-provider,
          forked/executed WebProcess using tizen device apis needs to be changed to other proper process label.
          But, process label of WebProcess can't changed to other one.
[Cause] Current WebProcess executable file doesn't have necessary process capability (CAP_MAC_ADMIN).
        This capability makes a process to change its process label file (/proc/self/attr/current) directly.
[Solution] inheritable/effective bit of 'CAP_MAC_ADMIN' capability is set to xattr of /usr/bin/WebProcess
           This xattr is used by linux kernel, which calculates process capabilities of executed processes.
           forked/executed WebProcess has 'CAP_MAC_AMDIN' only if its parent UI process has also inheritable bit of the capability.
           So, inheritable bit of the capability will be set to web-provider (UI process)
           After this patch is applied, WebProcess from browser and web app doesn't have this capability as now.

Change-Id: Ic47b26041c9c3ca920b57fbb3b181a79e6ccb088

author	Yunchan Cho <yunchan.cho@samsung.com>
	Tue, 10 Sep 2013 05:43:00 +0000 (14:43 +0900)
committer	Gerrit Code Review <gerrit@gerrit.vlan144.tizendev.org>
	Tue, 10 Sep 2013 09:50:09 +0000 (09:50 +0000)
commit	a98f6bc10390bc9dbc30eefa4612cc50bc9b764a
tree	ebf9176a49b1e2b378b61c23454ebcfd3ba727ca	tree \| snapshot
parent	f49dab604165ddc4dd4af0d836c698eb3b432971	commit \| diff