then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_setgid=ei /usr/bin/launchpad-loader
fi
+# Package platform/core/appfw/launchpad
+# Owner Junghoon Park(jh9216.park@samsung.com)
+# Date Feb 25, 2020
+# Required cap_setgid, cap_sys_admin, cap_sys_nice
+# cap_setgid to use security_manager_prepare_app()
+# cap_sys_admin to split mount namespace
+# cap_sys_nice to change scheduling priority
+
+# TODO : condition check about launchpad-starter is temporary
+if [ -e "/usr/bin/app-defined-loader" ] && [ ! -e "/usr/bin/launchpad-starter" ]
+then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_setgid=ei /usr/bin/app-defined-loader
+fi
+
# Package platform/core/dotnet/launcher
# Owner Pius Lee(pius.lee@samsung.com)
# Date July 4, 2017
# Package platform/core/security/krate
# Date Sep 19, 2018
# Required cap_sys_admin
-# cap_sys_admin Do bind-mount to control the file access
+# cap_sys_admin Do bind-mount to control the file access
if [ -e "/usr/bin/krate-mount" ]
then /usr/sbin/setcap cap_sys_admin=ei /usr/bin/krate-mount
/usr/bin/amd = cap_dac_override,cap_kill,cap_sys_admin+ei
/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei
/usr/bin/launchpad-loader = cap_setgid,cap_sys_admin,cap_sys_nice+ei
+/usr/bin/app-defined-loader = cap_setgid,cap_sys_admin,cap_sys_nice+ei
/usr/bin/email-service = cap_chown+eip
/usr/bin/wgt-backend = cap_chown,cap_dac_override,cap_fowner+ei
/usr/bin/download-provider = cap_chown,cap_dac_override+ei
projects / platform / core / security / security-config.git / commitdiff