then /usr/sbin/setcap cap_dac_read_search=ei /usr/bin/du
fi
+# Package product/upstream/clat
+# Date Nov 26, 2019
+# Required cap_net_admin,cap_net_raw,cap_ipc_lock,cap_setuid,cap_setgid
+# cap_net_admin To create and configure interface, modify routing tables
+# cap_net_raw To open raw socket
+# cap_ipc_lock clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks capable(CAP_IPC_LOCK)
+# cap_setuid To forge UID when passing socket credentials via UNIX domain sockets
+# cap_setgid To forge GID when passing socket credentials via UNIX domain sockets
+
+if [ -e "/usr/bin/clatd" ]
+then /usr/sbin/setcap cap_net_admin,cap_net_raw,cap_ipc_lock,cap_setuid,cap_setgid=ei /usr/bin/clatd
+fi
# TODO: MOVE TO OTHER SCRIPT OR REMOVE
# Requested by sooyeon.kim@samsung.com (.voice) and dalton.lee@samsung.com (.multiassistant)
/usr/bin/audit-trail-daemon = cap_audit_write,cap_audit_control+ei
/usr/sbin/tcpdump = cap_net_raw+ei
/usr/bin/ua-manager = cap_net_raw,cap_sys_rawio+ei
+/usr/libexec/crash-stack = cap_dac_read_search,cap_sys_ptrace+ei
+/usr/sbin/minicoredumper = cap_dac_read_search,cap_sys_ptrace+ei
+/usr/bin/crash-service = cap_dac_override,cap_kill,cap_sys_ptrace+ei
+/usr/bin/dlogutil = cap_syslog+ei
+/usr/bin/du = cap_dac_read_search+ei
+/usr/bin/clatd = cap_setgid,cap_setuid,cap_net_admin,cap_net_raw,cap_ipc_lock+ei
+/usr/bin/buxton2ctl = cap_dac_override+ei
+/usr/bin/df = cap_dac_read_search+ei
+/usr/bin/crash-manager = cap_dac_override,cap_kill,cap_sys_ptrace+ei
+/usr/bin/memps = cap_dac_read_search,cap_sys_ptrace+ei
+/usr/bin/dotnet-hydra-launcher = cap_setgid,cap_sys_admin+ei
+/usr/bin/top = cap_sys_ptrace+ei
+/usr/bin/livedumper = cap_dac_override,cap_sys_ptrace+ei
chromium-efl.service;root;root;System::Privileged;
chromium-efl-install.service;web_fw;web_fw;System;
chromium-efl-update.service;root;root;System::Privileged;
+clat.service;network_fw;network_fw;System;
connman-vpn.service;network_fw;network_fw;System;
connman.service;network_fw;network_fw;System;
console-getty.service;root;root;System;
chromium-efl.service;root;root;System::Privileged;
chromium-efl-install.service;web_fw;web_fw;System;
chromium-efl-update.service;root;root;System::Privileged;
+clat.service;network_fw;network_fw;System;
connman-vpn.service;network_fw;network_fw;System;
connman.service;network_fw;network_fw;System;
console-getty.service;root;root;System;
chromium-efl.service;root;root;System::Privileged;
chromium-efl-install.service;web_fw;web_fw;System;
chromium-efl-update.service;root;root;System::Privileged;
+clat.service;network_fw;network_fw;System;
connman.service;network_fw;network_fw;System;
console-getty.service;root;root;System;
console-shell.service;root;root;System;
projects / platform / core / security / security-config.git / commitdiff