Give capabilities to oded. 95/145595/1
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Wed, 23 Aug 2017 04:50:23 +0000 (13:50 +0900)
committerjin-gyu.kim <jin-gyu.kim@samsung.com>
Wed, 23 Aug 2017 04:50:48 +0000 (13:50 +0900)
cap_dac_override to access /dev/mmcblk* and /dev/mapper/control
cap_sys_admin to use ioctl system call
cap_sys_boot after encryption, reboot is required
cap_sys_ptrace to know process for storage encryption
cap_kill to kill the process

Change-Id: If9c2dc087c40f0585d7eb31289f070a9c59454bd

config/set_capability

index edf063b13f5b80acf31ea1bd2a2df1a589ec8096..77cb28a247a4bab2e13f3a7be74646dece38b914 100755 (executable)
@@ -528,6 +528,21 @@ if [ -e "/usr/bin/wmeshd" ]
 then /usr/sbin/setcap cap_net_raw,cap_net_admin=ei /usr/bin/wmeshd
 fi
 
+# Package               platform/core/security/ode
+# Owner                 Jaemin Ryu(jm77.ryu@samsung.com)
+# Date                  Aug 23, 2017
+# Required              cap_dac_override, cap_sys_admin, cap_sys_boot, cap_sys_ptrace, cap_kill
+# cap_dac_override     to access /dev/mmcblk* and /dev/mapper/control
+#                      => To remove this cap, (1. include security_fw to disk gid) and (2. change the permission of /dev/mapper/control)
+# cap_sys_admin                to use ioctl system call
+# cap_sys_boot         after encryption, reboot is required
+# cap_sys_ptrace       to know process for storage encryption
+# cap_kill             to kill the process
+
+if [ -e "/usr/bin/oded" ]
+then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded
+fi
+
 # TODO: MOVE TO OTHER SCRIPT OR REMOVE
 # Requested by sooyeon.kim@samsung.com
 if [ -e "/etc/skel/share/.voice" ]
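Review bot: The five capabilities granted to /usr/bin/oded on the added `setcap` line are close to root-equivalent when combined (cap_sys_admin, cap_dac_override and cap_sys_ptrace in particular), yet the comment block gives a removal path only for cap_dac_override. The cap_sys_admin reason, "to use ioctl system call", is too broad to audit later; it should name the device and the requests, e.g. `# cap_sys_admin        ioctl requests on /dev/mapper/control (list the requests oded issues)`, and the cap_sys_ptrace line should say what is read from other processes (presumably their /proc entries, to find users of the storage being encrypted). Because the file set is `=ei` with no permitted bit, oded gains these capabilities only when its launcher carries them in its inheritable set, so I would add `# NOTE: =ei only; whatever starts oded must hold these in its inheritable set` and keep that launcher's set equally narrow. The `setcap` exit status is also unchecked, so a failure leaves oded without capabilities and without any message; that matches the wmeshd stanza above but is worth a log line for a daemon that handles storage encryption.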