(Before)
drwxr-xr-x 2 log log System::Run
(After)
drwxrwxr-x 2 log log System::Shared
...
User::Pkg::org.tizen.privacy-setting System::Run rwxat
^ System::Run rwxat
User System::Run rwxat
User::Shell System::Run rxl
System::TEF System::Run rwxat
System::Privileged System::Run rwxat
_ System::Run rwxat
System System::Run rwxat
...
User::Pkg::org.tizen.privacy-setting System::Shared rxl
User System::Shared rxl
User::Shell System::Shared rxl
System::TEF System::Shared rwxat
System::Privileged System::Shared rwxat
System System::Shared rwxat
/run/dlog/filters.d can only be updated by
1) 'root' shell (System::Privileged)
2) sdbd-forked processes ('log' gid + System)
Change-Id: I25875e09da720ca2d7be08216e1d7b60ee999b36
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Added Smack's transmute xattr to ensure files under filters.d receive appropriate label. ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
d /run/dlog 0755 log log - -
-d /run/dlog/filters.d 0755 log log - -
+d /run/dlog/filters.d 0775 log log - -
+t /run/dlog/filters.d 0775 log log - security.SMACK64TRANSMUTE=TRUE
+t /run/dlog/filters.d 0775 log log - security.SMACK64=System::Shared
d /run/dlog/priv 0700 log log - -
t /run/dlog/priv 0700 log log - security.SMACK64=System
d /run/dlog/priv/fifo 0700 log log - -