Modify User/Group for media-controller to enhance security

Change-Id: I15d9a5da4a9117eb6a80f4ad178d89507d3d0c65
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>

diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec
index 20cb364..3fad5a1 100644 (file)
--- a/packaging/capi-media-controller.spec
+++ b/packaging/capi-media-controller.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-controller
 Summary:    A media controller library in Tizen Native API
-Version:    0.1.19
+Version:    0.1.20
 Release:    1
 Group:      Multimedia/API
 License:    Apache-2.0
@@ -100,9 +100,7 @@ install -m 0775 %{SOURCE1001} %{buildroot}%{_bindir}/media-controller_create_db.
 %endif
 
 %post
-%if 0%{?multi_user}
-chgrp %TZ_SYS_USER_GROUP %{_bindir}/media-controller_create_db.sh
-%endif
+
 %postun
 
 %files
@@ -118,7 +116,7 @@ chgrp %TZ_SYS_USER_GROUP %{_bindir}/media-controller_create_db.sh
 %{_bindir}/media-controller_create_db.sh
 %endif
 %manifest media-controller-service.manifest
-%defattr(-,system,system,-)
+%defattr(-,multimedia_fw,multimedia_fw,-)
 %{_unitdir}/mediacontroller.service
 %{_unitdir}/mediacontroller.socket
 %{_unitdir}/sockets.target.wants/mediacontroller.socket

diff --git a/packaging/mediacontroller.service b/packaging/mediacontroller.service
index f8fd79d..fc2b419 100755 (executable)
--- a/packaging/mediacontroller.service
+++ b/packaging/mediacontroller.service
@@ -2,6 +2,8 @@
 Description=Media controller
 
 [Service]
+Owner=multimedia_fw
+Group=multimedia_fw
 ExecStart=/usr/bin/mediacontroller
 Type=simple
 

diff --git a/packaging/mediacontroller.socket b/packaging/mediacontroller.socket
index 04ff4ec..af9d83a 100644 (file)
--- a/packaging/mediacontroller.socket
+++ b/packaging/mediacontroller.socket
@@ -2,6 +2,8 @@
 Description=MediaController Service socket
 
 [Socket]
+SocketOwner=multimedia_fw
+SocketGroup=multimedia_fw
 ListenStream=/run/.mediacontroller.sock
 Service=mediacontroller.service