Set User:Group for edutm services as network_fw:network_fw

[Model]
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] Internal
[Occurrence Version] N/A

[Problem]
[Cause & Measure]
[Checking Method]

[Team] Bluetooth
[Developer] Deokhyun Kim
[Solution company] Samsung
[Change Type] Specification change

Change-Id: I0c6120a1d6aa52920c89f5f79c26676e8f920ba3
Signed-off-by: Deokhyun Kim <dukan.kim@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>

diff --git a/packaging/bluetooth-edutm-off.service b/packaging/bluetooth-edutm-off.service
index 4458e79821913872a3b326ff3ee0babf9df754cd..8159b3e6a739c0ef64702a1060cbf5c6c166e6a8 100644 (file)
--- a/packaging/bluetooth-edutm-off.service
+++ b/packaging/bluetooth-edutm-off.service
@@ -2,9 +2,13 @@
 Description=Bluetooth EDUTM off
 
 [Service]
-User=root
-Group=root
+User=network_fw
+Group=network_fw
 Type=oneshot
+SmackProcessLabel=System
+
+SecureBits=keep-caps
+Capabilities=cap_net_admin,cap_net_raw=i
 
 ExecStart=/usr/etc/bluetooth/bt-edutm-off.sh
 ExecStartPost=/usr/bin/systemctl stop bluetooth-edutm-on

diff --git a/packaging/bluetooth-edutm-on.service b/packaging/bluetooth-edutm-on.service
index 70508dde86d7532d5a75303bf0020ce6e8e3a772..08e3c9eb7c8631e36aaa5be066d4b25b78b7e3d0 100644 (file)
--- a/packaging/bluetooth-edutm-on.service
+++ b/packaging/bluetooth-edutm-on.service
@@ -2,9 +2,13 @@
 Description=Bluetooth EDUTM on
 
 [Service]
-User=root
-Group=root
+User=network_fw
+Group=network_fw
 Type=oneshot
+SmackProcessLabel=System
+
+SecureBits=keep-caps
+Capabilities=cap_net_admin,cap_net_raw=i
 
 ExecStart=/usr/etc/bluetooth/bt-edutm-on.sh
 RemainAfterExit=yes