Set User:Group for edutm services as network_fw:network_fw

[Model]
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] Internal
[Occurrence Version] N/A

[Problem]
[Cause & Measure]
[Checking Method]

[Team] Bluetooth
[Developer] Deokhyun Kim
[Solution company] Samsung
[Change Type] Specification change

Change-Id: I0c6120a1d6aa52920c89f5f79c26676e8f920ba3
Signed-off-by: Deokhyun Kim <dukan.kim@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>

diff --git a/packaging/bluetooth-edutm-off.service b/packaging/bluetooth-edutm-off.service
index 4458e79..8159b3e 100644 (file)
--- a/packaging/bluetooth-edutm-off.service
+++ b/packaging/bluetooth-edutm-off.service
@@ -2,9 +2,13 @@
 Description=Bluetooth EDUTM off
 
 [Service]
-User=root
-Group=root
+User=network_fw
+Group=network_fw
 Type=oneshot
+SmackProcessLabel=System
+
+SecureBits=keep-caps
+Capabilities=cap_net_admin,cap_net_raw=i
 
 ExecStart=/usr/etc/bluetooth/bt-edutm-off.sh
 ExecStartPost=/usr/bin/systemctl stop bluetooth-edutm-on

diff --git a/packaging/bluetooth-edutm-on.service b/packaging/bluetooth-edutm-on.service
index 70508dd..08e3c9e 100644 (file)
--- a/packaging/bluetooth-edutm-on.service
+++ b/packaging/bluetooth-edutm-on.service
@@ -2,9 +2,13 @@
 Description=Bluetooth EDUTM on
 
 [Service]
-User=root
-Group=root
+User=network_fw
+Group=network_fw
 Type=oneshot
+SmackProcessLabel=System
+
+SecureBits=keep-caps
+Capabilities=cap_net_admin,cap_net_raw=i
 
 ExecStart=/usr/etc/bluetooth/bt-edutm-on.sh
 RemainAfterExit=yes