# Package pkgmgr-server
# Owner Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date June 30, 2016
-# Required /usr/bin/pkgmgr-server : cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid : ei
+# Required /usr/bin/pkgmgr-server : cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid, cap_mac_override : ei
# cap_chown fchown : change owner
# cap_dac_override Access user and global database file of package manager
# cap_fsetid fchmod : change mode
# cap_kill killpg function
# cap_setgid setgid and setgroups function
# cap_setuid setuid function
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/pkgmgr-server" ]
-then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid=ei /usr/bin/pkgmgr-server
+then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_mac_override=ei /usr/bin/pkgmgr-server
fi
# Package app-installers
# Package tpk-backend
# Owner Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date Aug 10, 2016
-# Required /usr/bin/tpk-backend : cap_dac_override, cap_chown, cap_fowner : ei
+# Required /usr/bin/tpk-backend : cap_dac_override, cap_chown, cap_fowner, cap_mac_override : ei
# cap_dac_override access to /home/$USER/apps_rw
# cap_chown use chown API
# cap_fowner use chmod API
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/tpk-backend" ]
-then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=ei /usr/bin/tpk-backend
+then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner,cap_mac_override=ei /usr/bin/tpk-backend
fi
# Package wgt-backend
# Owner Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date Aug 10, 2016
-# Required /usr/bin/wgt-backend : cap_dac_override, cap_chown, cap_fowner : ei
+# Required /usr/bin/wgt-backend : cap_dac_override, cap_chown, cap_fowner, cap_mac_override : ei
# cap_dac_override access to /home/$USER/apps_rw
# cap_chown use chown API
# cap_fowner use chmod API
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/wgt-backend" ]
-then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=ei /usr/bin/wgt-backend
+then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner,cap_mac_override=ei /usr/bin/wgt-backend
fi
# Package xdelta3
# Package platform/coer/appfw/pkgmgr-tool
# Owner JongMyeong Ko(jongmyeong.ko@samsung.com)
# Date Jan 23, 2017
-# Required /usr/bin/pkg_cleardata : cap_dac_override : ei
+# Required /usr/bin/pkg_cleardata : cap_dac_override, cap_mac_override : ei
# cap_dac_override to remove application resources in pkg directory
-# TODO: REMOVED IN TIZEN 4.0
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/pkg_cleardata" ]
-then /usr/sbin/setcap cap_dac_override=ei /usr/bin/pkg_cleardata
+then /usr/sbin/setcap cap_dac_override,cap_mac_override=ei /usr/bin/pkg_cleardata
fi
# Package platform/core/appfw/launchpad
# Package platform/core/appfw/unified-backend
# Date Jul 15, 2020
-# Required /usr/bin/unified-backend : cap_dac_override, cap_chown, cap_fowner : ei
+# Required /usr/bin/unified-backend : cap_dac_override, cap_chown, cap_fowner, cap_mac_override : ei
# cap_dac_override access to /home/$USER/apps_rw
# cap_chown use chown API
# cap_fowner use chmod API
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/unified-backend" ]
-then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=ei /usr/bin/unified-backend
+then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner,cap_mac_override=ei /usr/bin/unified-backend
fi
# Package app-installers
# Package platform/core/appfw/pkgmgr-tool
# Date Sep 01, 2021
-# Required /usr/bin/res-copy : cap_chown, cap_dac_override, cap_fowner : ei
+# Required /usr/bin/res-copy : cap_chown, cap_dac_override, cap_fowner, cap_mac_override : ei
# cap_chown To change copied file's ownership(root:priv_platform)
# cap_dac_override To change copied file's ownership(root:priv_platform)
# cap_fowner To change copied file's ownership(root:priv_platform)
+# cap_mac_override To abort app directories creation / deletion
if [ -e "/usr/bin/res-copy" ]
-then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fowner=ei /usr/bin/res-copy
+then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fowner,cap_mac_override=ei /usr/bin/res-copy
fi
# Package platform/core/appfw/pkgmgr-info
projects / platform / core / security / security-config.git / commitdiff