[M69 Migration][Product TV] Apply CAP-admin capability to efl_webprocess 20/196120/1
author ss440 <ss440.han@samsung.com>
Fri, 21 Dec 2018 03:34:05 +0000 (19:34 -0800)
committer Sungsik Han <ss440.han@samsung.com>
Mon, 24 Dec 2018 01:21:42 +0000 (01:21 +0000)
This patch is migrated from m63:
https://review.tizen.org/gerrit/#/c/177876/

The process privilege should be dropped when a web app is launched
to support the "Process Pool" feature.

In order to drop the privilege, the process should have the
cap_mac_admin capability because we cannot use the "Dyntransition"
feature of security in only product tv environment.

Change-Id: I8601d8f7c306bb333275318bef4ffd1922f1c096
Signed-off-by: ss440 <ss440.han@samsung.com>
packaging/chromium-efl.spec

index ad97ef3..45e1f67 100644 (file)
@@ -28,6 +28,7 @@ Source1: content_shell.in
 
 %define tizen_version %{tizen_version_major}%{tizen_version_minor}
 
+Requires: /usr/bin/systemctl
 Requires(post): /sbin/ldconfig
 Requires(post): xkeyboard-config
 Requires(postun): /sbin/ldconfig
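Review bot: The new `Requires: /usr/bin/systemctl` at the top of the dependency list is unconditional and has no scriptlet qualifier, yet nothing in the visible lines invokes systemctl and the commit message does not mention it. If a scriptlet needs it, declare it with the matching phase, as the neighbouring `Requires(post):` lines do. If it is only needed on the TV profile, guard it with the same `%if "%{?tizen_profile_name}" == "tv"` condition used in the %files section. Otherwise, please state the reason in the commit message or move this dependency to its own change.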
@@ -407,7 +408,11 @@ install -m 0755 tizen_src/ewk/utc_gtest_run.sh %{buildroot}/opt/usr/utc_exec/
 %{_xmldir}/%{_pkgid}.xml
 %defattr(-,root,root,-)
 %{_libdir}/libchromium-ewk.so
+%if "%{?tizen_profile_name}" == "tv"
+%caps(cap_mac_admin,cap_mac_override,cap_setgid=ei) %{CHROMIUM_EXE_DIR}/efl_webprocess
+%else
 %{CHROMIUM_EXE_DIR}/efl_webprocess
+%endif
 %{CHROMIUM_EXE_DIR}/icudtl.dat
 %{CHROMIUM_EXE_DIR}/natives_blob.bin
 %{CHROMIUM_EXE_DIR}/snapshot_blob.bin
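Review bot: The `%caps(cap_mac_admin,cap_mac_override,cap_setgid=ei)` entry for efl_webprocess grants more than the commit message justifies. Only cap_mac_admin is explained there, while cap_mac_override and cap_setgid are added without a stated reason. Please either drop the two extra capabilities or add a spec comment above the `%caps` line saying what each one is needed for and at which point after launch it is given up. Note also that `=ei` sets no permitted bit on the file, so the capabilities become effective only when the launching process already holds them in its inheritable set. Naming that launcher in the comment would make the privilege chain reviewable.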