Add capabilites to bluetoothd

- cap_net_admin / cap_net_bind_service are needed to use socket and bind.

Change-Id: Icdaf1aa5704f9741760eadefe6c8260d17c1e44b

diff --git a/config/set_capability b/config/set_capability
index 5478b60b870f27f1caf7f93d6d83864ee12b1e86..1835aef7d718d63519d20a0d9136854502adaf23 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -570,9 +570,11 @@ fi
 # Date                  Nov 24, 2017
 # Required              cap_dac_override
 # cap_dac_override     to access bridge device
+# cap_net_admin                to use network-related operations
+# cap_net_bind_service to call bind
 
 if [ -e "/usr/libexec/bluetooth/bluetoothd" ]
-then /usr/sbin/setcap cap_dac_override=ei /usr/libexec/bluetooth/bluetoothd
+then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_dac_override=ei /usr/libexec/bluetooth/bluetoothd
 fi
 
 # Package               platform/core/system/dlog

diff --git a/test/capability_test/new_capabilities_exception.list b/test/capability_test/new_capabilities_exception.list
index 6c7b939b30989ae6222d44b259e226e0ed75e218..b6688c8b48a23fbb4a1b09734c8f40faff78d032 100644 (file)
--- a/test/capability_test/new_capabilities_exception.list
+++ b/test/capability_test/new_capabilities_exception.list
@@ -55,3 +55,4 @@
 /usr/bin/connman-vpnd = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/dlog_logger = cap_syslog+ei
+/usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei